
Elastic Desktop Service:CreateADConnectorOfficeSite

Last Updated: Apr 30, 2026

WUYING Workspace supports two account types: convenience accounts and Enterprise AD accounts. This operation creates an office network (formerly known as a workspace) for Enterprise AD accounts.

Operation description

When you create an AD office network, an AD Connector is automatically created to connect to your enterprise AD. You are charged for the AD Connector. For more information, see billing overview.

After creating an AD office network, you must also configure the AD domain. Follow these steps:

  1. Configure a conditional forwarder on your DNS server.

  2. Establish a trust relationship on your domain controller, and then call ConfigADConnectorTrust to configure this trust for the AD office network.

  3. Call ListUserAdOrganizationUnits to list the organizational units (OUs) in your AD domain. Then, call ConfigADConnectorUser to specify the OUs and an administrator for the AD office network.

    Note

    If you provide domain administrator credentials (DomainUserName and DomainPassword) when you create the AD office network, you only need to configure a conditional forwarder. If you do not provide these credentials, you must configure a conditional forwarder, establish a trust relationship, and specify the organizational units (OUs).

For more information, see Create and manage office networks for enterprise AD accounts.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

ecd:CreateADConnectorOfficeSite

create

*All Resource *

None

None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The ID of the region. You can call the DescribeRegions operation to query the regions supported by Elastic Desktop Service (EDS).

cn-hangzhou

CidrBlock

string

No

The IPv4 CIDR block for the office site's VPC. The system uses this IPv4 CIDR block to automatically create a VPC. We recommend that you use one of the following CIDR blocks or their subnets:

  • 10.0.0.0/12 (The subnet mask length must be 12 to 24 bits.)

  • 172.16.0.0/12 (The subnet mask length must be 12 to 24 bits.)

  • 192.168.0.0/16 (The subnet mask length must be 16 to 24 bits.)

47.100.XX.XX

CenOwnerId

integer

No

The ID of the Alibaba Cloud account that owns the Cloud Enterprise Network (CEN) instance.

  • If you do not specify CenId, or the specified CEN instance belongs to your Alibaba Cloud account, you do not need to specify this parameter.

  • If the specified CEN instance belongs to another Alibaba Cloud account, you must specify that account's ID.

102681951715****

CenId

string

No

The ID of the CEN instance.

cen-3gwy16dojz1m65****

VerifyCode

string

No

The verification code. If the CenId that you specify belongs to another Alibaba Cloud account, you must first call the SendVerifyCode operation to obtain the verification code.

12****

Bandwidth

integer

No

The peak public bandwidth, specified in Mbit/s. The value can range from 0 to 200.
If you omit this parameter or set it to 0, internet access is disabled.

1

DomainName

string

Yes

The domain name for the enterprise AD. Each domain name must be unique.

example.com

DomainUserName

string

No

The domain administrator's username. The username cannot exceed 64 characters in length.

Note

Use the sAMAccountName, not the userPrincipalName.

Administrator

DomainPassword

string

No

The domain administrator's password. The password cannot exceed 64 characters in length.

testPassword

OfficeSiteName

string

No

The name of the office site. The name must be 2 to 255 characters in length. It must start with a letter or a Chinese character and cannot start with http:// or https://. The name can contain digits, colons (:), underscores (_), and hyphens (-).
This parameter is empty by default.

test

EnableAdminAccess

boolean

No

Specifies whether to grant local administrator permissions to cloud desktop users. Default: true.

Valid values:

  • true :

    Grants local administrator permissions.

  • false :

    Does not grant local administrator permissions.

true

DesktopAccessType

string

No

The method for connecting to cloud desktops.

Note

VPC connections are established using Alibaba Cloud PrivateLink, which is a free service. If you set this parameter to VPC or Any, PrivateLink is automatically enabled.

Valid values:

  • VPC :

    Connections are allowed only from within a VPC.

  • Internet :

    Connections are allowed only over the internet. (Default)

  • Any :

    Connections are allowed from a VPC or over the internet. You can choose the connection method.

Internet

EnableInternetAccess

boolean

No

This parameter is deprecated. Use the Bandwidth parameter to manage internet access.

true

SubDomainName

string

No

The domain name of the enterprise AD child domain.

child.example.com

MfaEnabled

boolean

No

Specifies whether to enable multi-factor authentication (MFA).

false

DnsAddress

array

Yes

An array that contains the IP address of the DNS server for the enterprise AD. You can specify only one IP address.

192.168.XX.XX

string

No

The IP address of the DNS server.

192.168.XX.XX

SubDomainDnsAddress

array

No

The DNS address of the enterprise AD child domain. If you specify SubDomainName but not this parameter, the DNS address of the child domain is considered the same as that of the parent domain.

192.168.XX.XX

string

No

The DNS address of the enterprise AD child domain. If you specify SubDomainName but not this parameter, the DNS address of the child domain is considered the same as that of the parent domain.

192.168.XX.XX

Specification

integer

No

The AD Connector type.

Valid values:

  • 1 :

    General Purpose

  • 2 :

    Advanced

1

AdHostname

string

No

The domain controller hostname. The hostname must comply with Windows hostname naming conventions.

beijing-ad01

ProtocolType

string

No

The protocol type.

Valid values:

  • ASP :

    The ASP protocol.

ASP

BackupDns

string

No

The DNS address of the backup domain controller.

192.168.2.100

BackupDCHostname

string

No

The hostname of the backup domain controller.

dc002

VSwitchId

array

No

The list of vSwitch IDs.

string

No

A vSwitch ID.

vsw-uf68bgq7rjwbqpg0****
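
A pre-flight check for this request, added here as an example and not taken from the original documentation or the Alibaba Cloud SDK. It validates a parameter dict against the constraints in the table above, flags the security-relevant settings (local administrator access, internet connections, MFA), and returns the post-creation steps from the operation description that still apply. The names check_request, cidr_recommended and SAMPLE are hypothetical, the "@" test for a userPrincipalName is a heuristic, and the CJK range used for "Chinese character" is an assumption.

```python
import ipaddress
import re

# Recommended ranges from the CidrBlock description: (block, min prefix, max prefix).
RECOMMENDED = [("10.0.0.0/12", 12, 24), ("172.16.0.0/12", 12, 24), ("192.168.0.0/16", 16, 24)]
# Assumption: "Chinese character" is approximated by the CJK range U+4E00-U+9FFF.
NAME_RE = re.compile(r"[A-Za-z\u4e00-\u9fff][A-Za-z0-9\u4e00-\u9fff:_-]{1,254}")

def cidr_recommended(cidr):
    net = ipaddress.ip_network(cidr, strict=False)  # raises ValueError if unparsable
    return any(net.subnet_of(ipaddress.ip_network(b)) and lo <= net.prefixlen <= hi
               for b, lo, hi in RECOMMENDED)

def check_request(p):
    """Return (errors, warnings, remaining_steps) for a request parameter dict."""
    errors, warnings = [], []
    errors += [f"{k} is required" for k in ("RegionId", "DomainName", "DnsAddress") if not p.get(k)]
    if len(p.get("DnsAddress") or []) > 1:
        errors.append("DnsAddress accepts only one IP address")
    if not 0 <= p.get("Bandwidth", 0) <= 200:
        errors.append("Bandwidth must be 0 to 200 Mbit/s")
    for k in ("DomainUserName", "DomainPassword"):
        if len(p.get(k, "")) > 64:
            errors.append(f"{k} exceeds 64 characters")
    if "@" in p.get("DomainUserName", ""):  # heuristic for a UPN
        warnings.append("DomainUserName looks like a userPrincipalName; use the sAMAccountName")
    if (name := p.get("OfficeSiteName")) and not NAME_RE.fullmatch(name):
        errors.append("OfficeSiteName violates the naming rule")
    if "CidrBlock" in p:
        try:
            if not cidr_recommended(p["CidrBlock"]):
                warnings.append("CidrBlock is outside the recommended ranges")
        except (ValueError, TypeError):
            errors.append("CidrBlock is not a valid IPv4 CIDR block")
    # Security-relevant settings, using the defaults stated in the parameter table.
    if p.get("EnableAdminAccess", True):
        warnings.append("desktop users get local administrator permissions")
    if p.get("DesktopAccessType", "Internet") != "VPC":
        warnings.append("desktops accept connections over the internet")
    if not p.get("MfaEnabled"):
        warnings.append("MFA is not enabled in this request")
    steps = ["configure a conditional forwarder on the DNS server"]
    if not (p.get("DomainUserName") and p.get("DomainPassword")):
        steps += ["establish trust, then call ConfigADConnectorTrust",
                  "call ListUserAdOrganizationUnits, then ConfigADConnectorUser"]
    return errors, warnings, steps

# Constructed sample request (placeholder values, not from a real account).
SAMPLE = {"RegionId": "cn-hangzhou", "DomainName": "example.com", "DnsAddress": ["192.168.0.10"]}
```

Run check_request on the parameter dict before it is handed to the SDK call; an empty error list with a non-empty warning list means the request is well-formed but relies on permissive defaults.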

Response elements

Element

Type

Description

Example

object

The response object.

RequestId

string

The ID of the request.

1CBAFFAB-B697-4049-A9B1-67E1FC5F****

OfficeSiteId

string

The ID of the office network.

cn-hangzhou+dir-363353****

Examples

Success response

JSON format

{
  "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****",
  "OfficeSiteId": "cn-hangzhou+dir-363353****"
}

Error codes

HTTP status code

Error code

Error message

Description

400

NetworkSpace.VpcInfoExist

vpc info already exist.

Office network already exists for the corresponding VPC

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.