To join HCP with your AD domain, you can either create a new AD user account that inherits permissions from the AD group you created in Create an AD group, or you can use an existing AD user account and assign it permissions in the OU or CN in which you want HCP computer accounts to be created. HCP uses this AD user account only once during the AD join process and then never uses the AD user account again. HCP does not store AD user account credentials.
If you are creating a new AD user, follow the Creating a new AD user account and assigning it to your AD group procedure.
If you have disabled the Add HCP Computer Account to groups of Domain User checkbox on the HCP Active Directory page, then you need to use an existing AD user account. To grant permissions for an existing AD user account, follow the Configuring an existing AD user account for HCP management procedure.
Creating a new AD user account and assigning it to your AD group
To create a new AD user account and assign it to the AD group you created:
1. In the tree view in the left panel of the Active Directory Users and Computers window, right-click the OU or CN in which you want to create the AD user account and select New ► User from the dropdown menu.
   The New Object - User window opens.
2. In the New Object - User window:
   - In the First name field, type a name for the user account (for example, HCP Admin).
   - In the User logon name field, type a username for the user account (for example, hcpadmin).
   Then click the Next button.
   The display in the New Object - User window changes.
3. In the New Object - User window:
   - In the Password field, type a password for the user account.
   - In the Confirm password field, type the password again.
   - Deselect the User must change password at next logon option.
   Then click the Next button.
   The display in the New Object - User window changes.
4. Click the Finish button.
   The list in the middle panel of the Server Manager window now includes the user account you just created.
5. Right-click the new user account and select Properties from the dropdown menu.
   The Properties window opens.
6. Click the Member Of tab.
7. On the Member Of tab, click the Add button.
   The Select Groups window opens.
8. In the Enter the object names to select field, type the name of the group you created in Create an AD group. Then click the OK button.
   The AD user account inherits the permissions granted to the AD group you specify.
9. In the Properties window, click the OK button to close the window.
Note: You should perform the following step only if you already have an existing AD user account.
Configuring an existing AD user account for HCP management
To grant HCP management permissions to an existing AD user account:
1. In the left panel of the Active Directory Users and Computers window, right-click the OU or CN in which you want computer accounts for the HCP nodes to be created and select Properties from the dropdown menu.
   The Properties window opens.
2. Click the Security tab.
3. On the Security tab, click the Advanced button.
   The Advanced Security Settings window opens.
4. Click the Add button.
   The Select User, Computer, Service Account, or Group window opens.
5. In the Enter object name to select field, type the name of the AD user that is joining HCP to the AD domain. Then click the OK button.
   The Permission Entry window opens.
6. In the Permission Entry window:
   - In the Apply to field, select Descendant Computer objects.
   - Under Permissions, select the boxes in the Allow column for:
     - Read all properties
     - Write all properties
     - Delete
     - Change password
     - Reset password
   Then click the OK button.
   Depending on the version of Active Directory that you are using, the Permission Entry page will appear as one of the two following images.
   [Image: New version of AD]
   [Image: Old version of AD]
7. In the Advanced Security Settings window, click the Add button again.
   The Select User, Computer, Service Account, or Group window opens.
8. In the Enter object name to select field, type the name of the AD user that is joining HCP to the AD domain. Then click the OK button.
   The Permission Entry window opens.
9. In the Permission Entry window:
   - In the Apply to field, select This object and all descendant objects.
   - Under Permissions, select the boxes in the Allow column for:
     - Create Computer objects
     - Delete Computer objects
   Then click the OK button.
   Depending on the version of Active Directory that you are using, the Permission Entry page will appear as one of the two following images.
   [Image: New version of AD]
   [Image: Old version of AD]
10. In the Advanced Security Settings window, click the OK button to close the window.
11. In the Properties window, click the OK button to close the window.
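
The delegation from the "Configuring an existing AD user account for HCP management" procedure can also be applied and then reviewed from PowerShell. This is an added example, not part of the Hitachi documentation; the OU distinguished name and account name are placeholders, and it assumes the RSAT ActiveDirectory module (which provides the AD: drive) and an operator who is allowed to modify the OU's ACL.

```powershell
# Added example (not vendor code): scripted form of the Permission Entry steps above.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$OuDn     = 'OU=HCP,DC=example,DC=com'   # placeholder: OU or CN for the HCP computer accounts
$JoinUser = 'EXAMPLE\hcpadmin'           # placeholder: AD user that joins HCP to the domain

# Well-known Active Directory schema and extended-right GUIDs
$Computer       = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # computer object class
$ChangePassword = [guid]'ab721a53-1e2f-11d0-9819-00aa0040529b'  # Change password
$ResetPassword  = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # Reset password

$Rights  = [System.DirectoryServices.ActiveDirectoryRights]
$Inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]
$Rule    = [System.DirectoryServices.ActiveDirectoryAccessRule]
$Allow   = [System.Security.AccessControl.AccessControlType]::Allow
$SidType = [System.Security.Principal.SecurityIdentifier]
$Sid     = ([System.Security.Principal.NTAccount]$JoinUser).Translate($SidType)

$rules = @(
    # "Descendant Computer objects": read/write all properties, delete
    $Rule::new($Sid, $Rights'ReadProperty, WriteProperty, Delete', $Allow,
               $Inherit::Descendents, $Computer)
    # "Descendant Computer objects": Change password and Reset password
    $Rule::new($Sid, $Rights::ExtendedRight, $Allow, $ChangePassword,
               $Inherit::Descendents, $Computer)
    $Rule::new($Sid, $Rights::ExtendedRight, $Allow, $ResetPassword,
               $Inherit::Descendents, $Computer)
    # "This object and all descendant objects": create/delete Computer objects
    $Rule::new($Sid, $Rights'CreateChild, DeleteChild', $Allow, $Computer, $Inherit::All)
)

$path = "AD:\$OuDn"
$acl  = Get-Acl -Path $path
foreach ($r in $rules) { $acl.AddAccessRule($r) }
Set-Acl -Path $path -AclObject $acl

# Review: explicit (non-inherited) ACEs the join account now holds on the OU.
# Anything beyond the four entries above is more than this procedure grants.
(Get-Acl -Path $path).GetAccessRules($true, $false, $SidType) |
    Where-Object { $_.IdentityReference -eq $Sid } |
    Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

Because HCP uses this account only once during the join, the same review query is a quick way to confirm the ACEs are gone if you remove the delegation afterwards.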
© 2015, 2020 Hitachi Vantara LLC. All rights reserved.