3.10. About Complex Forest Configurations

The following types of Active Directory forest configurations are supported by Oracle VDI.

Example of a Single Tree Forest

The Active Directory is a forest containing:

  • A root domain named example.com. The Global Catalogs are located in the root domain.

  • A child domain named users.example.com where all the users are located, including the user used to set up authentication in the Oracle VDI Manager.

The krb5.conf file should look similar to the following.

[libdefaults]
default_realm = USERS.EXAMPLE.COM

[realms]
USERS.EXAMPLE.COM = {
    kdc = users.host
    admin_server = users.host
    kpasswd_protocol = SET_CHANGE
}
EXAMPLE.COM = {
    kdc = example.windows.host
    admin_server = example.windows.host
    kpasswd_protocol = SET_CHANGE
}

[domain_realm]
.users.example.com = USERS.EXAMPLE.COM
users.example.com = USERS.EXAMPLE.COM
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

Use the following settings in Oracle VDI Manager:

  • Domain: example.com

  • Username: super-user@users.example.com

Example of Multiple Tree Forests

For example, the following multiple tree configuration with multiple domains is supported.

  • One tree containing the domain central.vdi.example.com (Forest Root) and a child domain child.central.vdi.example.com

  • A second tree containing the domain east.vdi.example.com

  • Both trees are part of the same forest (central.vdi.example.com)

In order to add this tree configuration as a Company in Oracle VDI Manager, first make sure that Kerberos has been configured correctly on the Oracle VDI hosts.

The krb5.conf file should look similar to the following.

[libdefaults]
default_realm = CENTRAL.VDI.EXAMPLE.COM

[realms]
CENTRAL.VDI.EXAMPLE.COM = {
    kdc = centralroot.vdi.example.com
}
CHILD.CENTRAL.VDI.EXAMPLE.COM = {
    kdc = centralchild.vdi.example.com
}
EAST.VDI.EXAMPLE.COM = {
    kdc = eastroot.vdi.example.com
}

[domain_realm]
.central.vdi.example.com = CENTRAL.VDI.EXAMPLE.COM
central.vdi.example.com = CENTRAL.VDI.EXAMPLE.COM
.child.central.vdi.example.com = CHILD.CENTRAL.VDI.EXAMPLE.COM
child.central.vdi.example.com = CHILD.CENTRAL.VDI.EXAMPLE.COM
.east.vdi.example.com = EAST.VDI.EXAMPLE.COM
east.vdi.example.com = EAST.VDI.EXAMPLE.COM

In the Oracle VDI Manager New Company wizard, be sure to enter the domain name of the Forest Root in the Specify Connection step.
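
A consistency check for a forest krb5.conf, added here as an example and not part of the Oracle VDI documentation or tooling: it verifies that default_realm and every domain-to-realm mapping point at a realm that has a kdc, and that each domain is mapped in both its dotted and bare form, as in the listings above. The function name check_krb5, the constructed SAMPLE text and the standard [libdefaults]/[realms]/[domain_realm] layout are assumptions.

```python
# Added example: SAMPLE is constructed from the single-tree values on this page,
# laid out in standard krb5.conf sections (an assumption about the full file).
SAMPLE = """\
[libdefaults]
default_realm = USERS.EXAMPLE.COM
[realms]
USERS.EXAMPLE.COM = {
    kdc = users.host
}
EXAMPLE.COM = {
    kdc = example.windows.host
}
[domain_realm]
.users.example.com = USERS.EXAMPLE.COM
users.example.com = USERS.EXAMPLE.COM
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
"""

def check_krb5(text):
    """Return a list of consistency problems in a multi-realm krb5.conf."""
    section = realm = default = None
    kdcs, mapping = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):                      # [section] header
            section, realm = line.strip("[]"), None
        elif line == "}":                             # end of a realm block
            realm = None
        elif "=" in line and line[0] not in "#;":     # skip comment lines
            key, val = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default = val
            elif section == "realms" and val == "{":  # start of a realm block
                realm = key
                kdcs[realm] = []
            elif section == "realms" and realm and key == "kdc":
                kdcs[realm].append(val)
            elif section == "domain_realm":
                mapping[key] = val
    problems = []
    if default not in kdcs:
        problems.append(f"default_realm {default} has no [realms] entry")
    problems += [f"realm {r} has no kdc" for r, k in kdcs.items() if not k]
    for dom, r in mapping.items():
        if r not in kdcs:
            problems.append(f"{dom} maps to undefined realm {r}")
        twin = dom[1:] if dom.startswith(".") else "." + dom
        if mapping.get(twin) != r:                    # dotted/bare pair must agree
            problems.append(f"{dom} has no matching {twin} entry")
    return problems
```

Pass the text of the krb5.conf from an Oracle VDI host to check_krb5; an empty list means every realm in the forest is defined, reachable through a kdc entry, and mapped consistently.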