Manage domain users and groups

Edit a domain user

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Click Edit in the Actions column for a domain user.

3. In the dialog box that opens, edit domain user information.

4. Click OK.

Delete domain users

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. To delete domain users:

   • Delete a domain user—Click Delete in the Actions column for the target domain user. In the dialog box that opens, determine whether to delete the Samba sharing path of the user if Samba sharing is enabled, and then click OK.

   • Bulk delete domain users—Select multiple domain users, click More, and then select Delete from the pop-up menu. In the dialog box that opens, determine whether to delete the Samba sharing paths of the users if Samba sharing is enabled, and then click OK.

Edit the access policy for domain users

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users, click More, and then click Edit Access Policy.

3. In the dialog box that opens, select an access policy, and then click OK.

Add domain users to the denylist

The Denylist page displays the users added to the denylist.

To add domain users to the denylist:

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users and click More. Then, select Add to Denylist from the pop-up menu.

3. In the dialog box that opens, click OK.

Move domain users between domain user groups

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users, click More, and then select Move User Group.

3. Select a domain user group, and then click OK.

Enable private disk

Only Windows and Kylin operating system VDI cloud desktops support private disks. After private disks are enabled, users need to log in to initialize the disks.

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple local users and click More. Then, select Private Disk from the pop-up menu, and select Enable.

3. In the dialog box that opens, set the private disk size. By default, the size is 10 GB.

4. Click OK.

Expand private disks

Only Windows and Kylin operating system VDI cloud desktops support private disks. After private disks are enabled, users need to log in to initialize the disks.

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users and click More. Then, select Private Disk from the pop-up menu, and select Expand.

3. In the dialog box that opens, set the private disk size after expansion,and enter the administrator password, select I am fully aware of the impacts of this operation, and then click OK.

4. Click OK.

Enable or disable third-party login

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Use one of the following methods to enable/disable third-party login:

   • Enable/Disable third-party login for all users in the group: Click More and select Third-Party Login from the pop-up menu, and select Enable All or Disable All.

   • Enable/Disable third-party login for users in bulk: Select one or multiple users and click More. Then, select Third-Party Login from the pop-up menu, and select Bulk Enable or Bulk Disable.

Enable or disable Samba sharing

This feature is available only after the Samba shared server is configured. For more information about the configuration method, see "Third-Party System Collaboration".

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. To enable or disable Samba sharing:

   • Enable or disable Samba sharing for a domain user—Click Edit in the Actions column for the target domain user. On the Edit Domain User page, enable or disable Samba sharing, and then click OK.

   • Bulk enable or disable Samba sharing for domain users—Select multiple domain users and click More. Then, select Samba Sharing from the pop-up menu, and select Enable or Disable.

Enable or disable QuantumCTek authentication

Restrictions and guidelines

This feature is available only when QuantumCTek authentication (see "QuantumCTek authentication (office scenario)") is configured.

Procedure

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users and click More. Then, select Enable QuantumCTek Auth or Disable QuantumCTek Auth from the pop-up menu.

Set the user expiration time

Perform this task to set the expiration time for users. If scheduled user clearing is disabled, the client displays an expiration reminder after a user expires. If scheduled user clearing is enabled, Space Console will delete the user when it expires.

Before setting the user expiration time, access the System > Auth Collaboration > Primary Auth > LDAP Auth page, click Edit from the Actions column of an authentication server, and then enable Allow Server Data Update for the Security Control field.

To set the user expiration time:

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users and click More. Then, select Set User Expiration Time from the pop-up menu.

3. In the dialog box that opens, set the user expiration time. If this field is empty, the users will never expire.

4. Click OK.

Configure scheduled user clearing

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Click More. Then, select Configure Scheduled User Clearing from the pop-up menu.

3. In the dialog box that opens, select whether to enable expired user clearing.

4. Click OK.

Set the user validity period for domain users

If a user has not logged in to the cloud desktop within the specified validity period, the user will be disabled. A user in disabled state cannot log in to the client or the self-service system.

To set the user validity period:

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users, and click More. Then, select Set User Validity Period from the pop-up menu.

3. In the dialog box that opens, set the user validity period. Value 0 indicates no user validity limit.

4. Click OK.

Reset domain user passwords

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple users and click More. Then, select Reset Password from the pop-up menu.

3. In the dialog box that opens, enter a new password and click OK.

Edit the user type (education scenario)

Restrictions and guidelines

In the education scenario, you can bulk change the user type of users from common to student or faculty.

In the current software version, ARM hosts do not support editing the user type.

Procedure

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users and click More. Then, select Edit User Type from the pop-up menu.

3. In the dialog box that opens, select a user type.

4. Click OK.

Export third-party system accounts

Perform this task to export mapping entries between all domain users on Space Console and third-party system accounts. The exported mapping entries will be downloaded in a CSV file to the default download path of the browser. This task is not supported in the education scenario.

To export third-party accounts:

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users and click More. Then, select Third-Party System Accounts from the pop-up menu, and select Export.

Enable or disable Google Authenticator

With Google Authenticator enabled, a user must perform the following tasks to log in to the client:

• For a user logs in to the client for the first time:

  1. Enter the username and password to access the 2FA page.

     The 2FA page displays the QR code and password for Google Authenticator.

  2. Use Google Authenticator installed on a mobile endpoint to scan the QR code or enter the Google Authenticator key to bind the user account, and then obtain the verification code.

  3. Enter the verification code to log in to the client.

• For a user that does not log in to the client for the first time:

  1. Enter the username and password to access the 2FA page.

     The 2FA page displays the verification code login prompt.

  2. Start Google Authenticator to obtain the verification code.

  3. Enter the verification code to log in to the client.

To enable or disable Google Authenticator:

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users and click More. Then, select Google Authenticator from the pop-up menu, and select Enable or Disable.

Reset the Google Authenticator key

Use the Google Authenticator key to bind the user account, and generate a verification code for the client login. The binding between the user account and the Google Authenticator key takes effect permanently. After the Google Authenticator key is bound, when a user logs in to the client, the user can enter the verification code obtained from Google Authenticator for verification. The Google Authenticator key reset is required for a scenario where a mobile device installed with Google Authenticator is lost or Google Authenticator is reinstalled. After the Google Authenticator key reset, use Google Authenticator to rebind the new Google Authenticator key to the user account.

To reset the Google Authenticator key:

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain users and click More. Then, select Google Authenticator from the pop-up menu, and select Key Reset.

View domain user details

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Click the login name of a user in the user list.

   On the user details page, you can view user information and license information. The license information is as follows:

   • Desktop: Displays all desktops authorized to the current user.

   • Application: Application information of the current user can be queried after the user logs in to Workspace. If the user logs out, application information cannot be queried. Only VDI application server pools are supported.

Edit a domain user group

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > OU name.

2. Click Edit in the Actions column for the domain user group.

3. In the dialog box that opens, edit domain user group parameters.

4. Click OK.

Delete domain user groups

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > OU name.

2. To delete domain user groups:

   • Delete a domain user group on the page of an OU—Click Delete in the Actions column for the target domain user group. In the dialog box that opens, click OK.

   • Bulk delete domain user groups—Select multiple domain user groups, click More, and then click Delete. In the dialog box that opens, click OK.

Change the grade level (education scenario)

In the current software version, ARM hosts do not support changing the grade level.

Procedure

1. From the left navigation pane, select Users > Domain Users.

2. Click Manage Grade Levels in the upper-right corner of the page.

3. Click Change Grade Level.

4. Select All or Custom in the Target Grade Levels field and specify the change type. If you select Custom, you must also specify a group (a class).

5. Click OK.

Parameters

• Target Grade Levels: Options are All and Custom. To change the grade level of all classes, select All. To change the grade level of one class, select Custom and specify the group name of the class.

• Type: Options are Upgrade and Downgrade.

  • To change the class to its higher-level grade, select Upgrade. If the class is the highest-level grade, it cannot be upgraded.

  • To change the class to its lower-level grade, select Downgrade. If the class is the lowest-level grade, it cannot be downgraded.

Edit the access policy for domain user groups

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > User group name.

2. Select one or multiple domain user groups, click More, and then click Edit Access Policy.

3. In the dialog box that opens, select an access policy, and then click OK.

Set the user validity period for domain user groups

If a user of a user group has not logged in to the cloud desktop within the specified validity period, the user will be disabled. A user in disabled state cannot log in to the client or the self-service system.

To set the user group validity period:

1. From the left navigation pane, select Users > Domain Users or Users > Domain Users > OU name.

2. Select one or multiple domain users, click More. Then, select Set User Validity Period from the pop-up menu.

3. In the dialog box that opens, set the user validity period. Value 0 indicates no user validity limit.

4. Click OK.