Creates a workspace of the enterprise AD account type.
Description
- When you create a workspace of the enterprise Active Directory (AD) account type, AD connectors are automatically created for you to connect to enterprise AD systems. You are charged for the AD connectors. For more information, see Billing overview.
-
After you call this operation to create the AD workspace, you must configure the AD domain. To configure the AD domain, perform the following operations:
1. Configure the conditional forwarder in the Domain Name System (DNS) server.
2. Configure the trust relationship in the AD domain server, and call the ConfigADConnectorTrust operation to configure the trust relationship for the AD workspace.
3. Call the ListUserAdOrganizationUnits operation to obtain the organizational unit (OU) details of the AD domain. Then, call the ConfigADConnectorUser operation to specify an OU and an administrator for the AD workspace.Note If you specify the DomainUserName and DomainPassword parameters when you create the AD workspace, you need to configure only the conditional forwarder. If you do not specify the DomainUserName and DomainPassword parameters, you need to configure the conditional forwarder, trust relationship, and OU.
For more information, see Create a workspace of the enterprise account type.
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | CreateADConnectorOfficeSite |
The operation that you want to perform. Set the value to CreateADConnectorOfficeSite. |
| RegionId | String | Yes | cn-hangzhou |
The ID of the region. |
| CidrBlock | String | Yes | 47.100.XX.XX |
The IPv4 CIDR block in the secure office network of the workspace. The system creates a virtual private cloud (VPC) based on the IPv4 CIDR block that you specify. We recommend that you set the IPv4 CIDR block to 10.0.0.0/12, 172.16.0.0/12, 192.168.0.0/16, or a subnet of these CIDR blocks. If you set the IPv4 CIDR block to 10.0.0.0/12 or 172.16.0.0/12, the mask is 12 to 24 bits in length. If you set the IPv4 CIDR block to 192.168.0.0/16, the mask is 16 to 24 bits in length. |
| CenOwnerId | Long | No | 1234567890123456 |
The ID of the Alibaba Cloud account to which the Cloud Enterprise Network (CEN) instance belongs.
|
| CenId | String | Yes | cen-3gwy16dojz1m65**** |
The ID of the CEN instance. |
| VerifyCode | String | No | 123456 |
The verification code. If the CEN instance that you specify for the CenId parameter belongs to another Alibaba Cloud account, you must call the SendVerifyCode operation to obtain the verification code. |
| Bandwidth | Integer | No | 1 |
The maximum public bandwidth value. Valid values: 0 to 200. If you do not specify this parameter or you set this parameter to 0, Internet access is disabled. |
| DomainName | String | Yes | example.com |
The domain name of the enterprise AD system. You can register each domain name only once. |
| DomainUserName | String | No | Administrator |
The username of the domain administrator. The username can be up to 64 characters in length. Note Specify the value of the sAMAccountName parameter instead of the value of the userPrincipalName
parameter as the username.
|
| DomainPassword | String | No | testPassword |
The password of the domain administrator. The password can be up to 64 characters in length. |
| OfficeSiteName | String | No | test |
The name of the workspace. The name must be 2 to 255 characters in length. It must
start with a letter and cannot start with Default value: null. |
| EnableAdminAccess | Boolean | No | true |
Specifies whether to grant the permissions of the local administrator to the desktop users. Default value: true. |
| DesktopAccessType | String | No | Internet |
The method that you use to connect to cloud desktops. Valid values:
Default value: Internet. Note The VPC connection method is provided by Alibaba Cloud PrivateLink. You are not charged
for PrivateLink. When you set this parameter to VPC or Any, PrivateLink is automatically
activated.
|
| EnableInternetAccess | Boolean | No | true |
Specifies whether to enable Internet access. |
| SubDomainName | String | No | childexample.com |
The domain name of the enterprise AD subdomain. |
| MfaEnabled | Boolean | No | false |
Specifies whether to enable multi-factor authentication (MFA). |
| DnsAddress.N | String | Yes | 192.168.XX.XX |
The IP address N of the DNS server of the enterprise AD system. You can specify only one IP address. |
| SubDomainDnsAddress.N | String | No | 192.168.XX.XX |
The DNS address N of the enterprise AD subdomain. If you specify a value for the |
| Specification | Long | No | 1 | Specification of AD Connector.
|
| AdHostname | String | No | beijing-ad01 | Host name. The host name must comply with the Windows host convention. |
| ProtocolType | String | No | ASP | Protocol Type. Valid values: ASP. |
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| RequestId | String | 3FE99D5E-93A1-493F-B1CB-0ABD4D05**** |
The ID of the request. |
| OfficeSiteId | String | cn-hangzhou+dir-363353**** |
The ID of the workspace. |
Examples
Sample requests
https://ecd.cn-hangzhou.aliyuncs.com/?Action=CreateADConnectorOfficeSite
&CenId=cen-3gwy16dojz1m65****
&CidrBlock=172.16.0.0/12
&DnsAddress.1=192.168.XX.XX
&DomainName=example.com
&DomainPassword=testPassword
&DomainUserName=Administrator
&RegionId=cn-hangzhou
&<Common request parameters>Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<CreateADConnectorOfficeSiteResponse>
<OfficeSiteId>cn-hangzhou+dir-363353****</OfficeSiteId>
<RequestId>3FE99D5E-93A1-493F-B1CB-0ABD4D05****</RequestId>
</CreateADConnectorOfficeSiteResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"CreateADConnectorOfficeSiteResponse" : {
"OfficeSiteId" : "cn-hangzhou+dir-363353****",
"RequestId" : "3FE99D5E-93A1-493F-B1CB-0ABD4D05****"
}
}