Monday, February 16, 2015

Reuse AD machine accounts for RDS VDI

Just a quick tip. When you recreate pooled VDI in RDS, such as when updating the golden image, RDS deletes the Hyper-V VM and creates a new one, and it also deletes the AD machine account and creates a new one. This can pose a problem if you place your VDI machine accounts in AD security groups: that group membership is lost when the VDI is updated.

In order to prevent this behavior, you can use the Enable-RDVirtualDesktopADMachineAccountReuse PowerShell cmdlet. This cmdlet prevents the RD connection broker from creating a new AD machine account, instead opting to reuse the existing machine account. This way, any existing group memberships will still be present after the VDI has recomposed.
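The following is an added example, not part of the original post. It enables reuse only if the broker is not already configured for it, then goes one step further than the tip by recording each VDI machine account's SID and group memberships before the update and comparing them afterwards. The broker FQDN, the `VDI-` name prefix and the snapshot path are placeholders, and the function names are hypothetical.

```powershell
# Added example. Broker FQDN, name prefix and snapshot path are placeholders.
Import-Module RemoteDesktop, ActiveDirectory

function Get-VdiAccountState {
    param([Parameter(Mandatory)][string]$NamePrefix)
    # MemberOf lists explicit group memberships (the primary group is not included).
    Get-ADComputer -Filter "Name -like '$NamePrefix*'" -Properties MemberOf |
        ForEach-Object {
            [pscustomobject]@{
                Name   = $_.Name
                SID    = $_.SID.Value
                Groups = @($_.MemberOf | Sort-Object)
            }
        }
}

function Save-VdiAccountBaseline {
    param([string]$Broker, [string]$NamePrefix, [string]$Path)
    # Turn reuse on only if the broker is not already configured for it.
    if (-not (Test-RDVirtualDesktopADMachineAccountReuse -ConnectionBroker $Broker)) {
        Enable-RDVirtualDesktopADMachineAccountReuse -ConnectionBroker $Broker
    }
    Get-VdiAccountState -NamePrefix $NamePrefix | Export-Clixml -Path $Path
}

function Compare-VdiAccountBaseline {
    param([string]$NamePrefix, [string]$Path)
    $after = @{}
    Get-VdiAccountState -NamePrefix $NamePrefix | ForEach-Object { $after[$_.Name] = $_ }
    foreach ($old in Import-Clixml -Path $Path) {
        $new  = $after[$old.Name]
        # Groups present before the update that the current account no longer has.
        $lost = @($old.Groups | Where-Object { $_ -and ($null -eq $new -or $_ -notin $new.Groups) })
        [pscustomobject]@{
            Name       = $old.Name
            Reused     = ($null -ne $new -and $new.SID -eq $old.SID)  # same SID = same AD object
            LostGroups = $lost -join '; '
        }
    }
}

# Run before updating the golden image:
Save-VdiAccountBaseline -Broker 'rdcb01.example.local' -NamePrefix 'VDI-' -Path 'C:\Temp\vdi-before.xml'
# Run again after the pool has been recreated:
Compare-VdiAccountBaseline -NamePrefix 'VDI-' -Path 'C:\Temp\vdi-before.xml' | Format-Table -AutoSize
```

A row with `Reused` set to `False` means the account was recreated with a new SID, so any ACLs or GPO security filtering that referenced the old account or its groups should be reviewed.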

