Windows MultiPoint Server 2012 - Join a WMS 2012 server to an Active Directory and use roaming profiles

If you choose the Premium Edition of Windows MultiPoint Server 2012, you will be able to join it to an Active Directory domain.
This will allow you to centralize your users, as well as their documents, if you wish.

However, the Active Directory (AD DS) role can't be installed on a Windows MultiPoint Server 2012 server, as Rob Elmer (an employee at Microsoft) has confirmed on the Microsoft forum.
If you try to install the AD DS role on a MultiPoint 2012 server, you will receive this error: "Verification of prerequisites for Domain Controller promotion failed. The operation did not complete successfully."

  1. Required configuration
  2. Join the MultiPoint server to an Active Directory domain
  3. Detect server rights management
  4. Creating users in the Active Directory
  5. Set users rights through GPOs
    1. Rights management for standard users
    2. Rights management for dashboard users
    3. Rights management for administrator users
  6. Verification of users rights
    1. Checking the update of the MultiPoint Server 2012 groups
    2. Checking the rights of our standard user (a student)
    3. Checking the rights of our dashboard user (a teacher)
    4. Checking the rights of our administrator user (an IT Manager)
  7. Enabling Roaming Profiles

1. Required configuration

As mentioned earlier, the Active Directory role can't be installed on a MultiPoint server. However, a MultiPoint server can be joined to an Active Directory domain if you use the Premium Edition of MultiPoint Server 2012.

So, you need at least 2 servers:

  1. your Windows MultiPoint Server 2012 server
  2. and another server (for example, running Windows Server 2012) on which you have installed the Active Directory (AD DS) role

Then, your MultiPoint server needs to know the IP address of your local DNS server.
Since the Active Directory role installation also installs the DNS role, you can specify the IP address of your Active Directory server as the primary DNS server on your MultiPoint 2012 server.

To do this:

  • either specify the IP address directly in the TCP/IP settings of the network card of your MultiPoint 2012 server
  • or use the "006 DNS Servers" option of the DHCP role available on Windows Server

Note that if you have enabled the Virtual Desktops feature of Windows MultiPoint Server 2012, the TCP/IP settings will be available for the "vEthernet (WMS)" network adapter and not for the "Ethernet" network adapter.
This is due to the automatic activation of the Hyper-V role (which is the Microsoft virtualization server).

In our case, we have specified:

  • the IP address of our Active Directory server as preferred DNS server
  • the IP address of our router as alternate (secondary) DNS server

2. Join the MultiPoint server to an Active Directory domain

Now, go to the system properties and click "Change settings".

Currently, our server is a member of the default workgroup: WORKGROUP.
Click "Change".

Select "Member of : Domain" and specify your Active Directory domain name.
In our case, it's the "informatiweb.lan" domain.

Provide the domain administrator credentials to join your server to your Active Directory.

You will need to restart your Windows MultiPoint Server 2012 server for the changes to take effect.

Click Yes to restart the server.

After rebooting, you will see that your server is now a member of your domain.
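
The same DNS configuration and domain join can be scripted. The following PowerShell sketch is an added example, not part of the original tutorial: the two IP values are placeholders to replace, and checking the domain controller SRV record before the join is an extra step added here.

```powershell
# Added example: values below are placeholders, replace them with your own.
$DomainName  = 'informatiweb.lan'   # domain name used in this tutorial
$DcDnsServer = '<AD-server-IP>'     # placeholder: IP of the AD DS / DNS server
$RouterDns   = '<router-IP>'        # placeholder: alternate (secondary) DNS server

# With Virtual Desktops enabled, the TCP/IP settings are on "vEthernet (WMS)".
$adapter = Get-NetAdapter -Name 'vEthernet (WMS)' -ErrorAction SilentlyContinue
if (-not $adapter) {
    $adapter = Get-NetAdapter -Name 'Ethernet' -ErrorAction Stop
}

# Preferred DNS = Active Directory server, alternate DNS = router.
Set-DnsClientServerAddress -InterfaceAlias $adapter.Name `
    -ServerAddresses $DcDnsServer, $RouterDns

# The join can only succeed if the domain controller locator record resolves.
$srv = "_ldap._tcp.dc._msdcs.$DomainName"
try {
    $records = Resolve-DnsName -Name $srv -Type SRV -Server $DcDnsServer -ErrorAction Stop
} catch {
    throw "Cannot resolve $srv through ${DcDnsServer}; fix the DNS settings before joining."
}
$records | Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port

# Prompts for the domain administrator credentials, then restarts the server.
Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart

# After the reboot, confirm the membership with:
# Get-WmiObject Win32_ComputerSystem | Select-Object Name, Domain, PartOfDomain
```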

3. Detect server rights management

As you probably know, by default you can create 3 types of users:

  1. Standard user : standard user accounts to allow your users (your students) to access a Windows session with the ability to save their personal documents
  2. MultiPoint Dashboard user : user accounts with additional rights that allow teachers (for example) to monitor their students with the MultiPoint Dashboard.
  3. Administrative user : user accounts to fully manage the server and provide access to the MultiPoint Dashboard and MultiPoint Manager.

Since we will be creating our users on our Active Directory server, we had to find out how Windows distinguished these different types of users.
For this, we created 3 test users each with different rights from the MultiPoint Manager.

Here are the 3 test users created:

  • test-user-admin : Administrator
  • test-user-dashboard : MultiPoint Dashboard User
  • test-user-standard : Standard

If you go into computer management, you will see the 3 new local users created previously.

Note: to access Computer Management on a Windows Server or MultiPoint Server, open the Server Manager and go to: Tools -> Computer Management.

If you look at which groups these users belong to, you will see that:

  • standard users are only in the "Users" group
  • dashboard users are only in the "WmsOperators" group
  • administrator users are in the Administrators and WmsOperators groups
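
The same check can be done from PowerShell, which is also useful later to review who holds dashboard or administrator rights on the server. This is an added example, not part of the original tutorial; the function names are hypothetical and it reads the local groups through the ADSI WinNT provider.

```powershell
# Added example: classify accounts by the local group pattern found above.
function Get-LocalGroupMemberName {
    # Returns the members of a local group as DOMAIN\name strings.
    param([string]$Group, [string]$Computer = $env:COMPUTERNAME)
    $g = [ADSI]"WinNT://$Computer/$Group,group"
    foreach ($m in @($g.Invoke('Members'))) {
        # ADsPath looks like WinNT://DOMAIN/name or WinNT://DOMAIN/COMPUTER/name
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Get-WmsRole {
    # Maps group membership to the MultiPoint user type.
    param([bool]$InUsers, [bool]$InWmsOperators, [bool]$InAdministrators)
    if ($InAdministrators -and $InWmsOperators) { return 'Administrative user' }
    if ($InWmsOperators) { return 'MultiPoint Dashboard user' }
    if ($InUsers -and -not $InAdministrators) { return 'Standard user' }
    return 'Other (review manually)'   # e.g. member of Administrators only
}

$users  = @(Get-LocalGroupMemberName -Group 'Users')
$wmsOps = @(Get-LocalGroupMemberName -Group 'WmsOperators')
$admins = @(Get-LocalGroupMemberName -Group 'Administrators')

# Members can be accounts or groups (built-in or domain groups included).
($users + $wmsOps + $admins) | Sort-Object -Unique | ForEach-Object {
    $role = Get-WmsRole -InUsers ($users -contains $_) `
                        -InWmsOperators ($wmsOps -contains $_) `
                        -InAdministrators ($admins -contains $_)
    [pscustomobject]@{ Account = $_; Role = $role }
} | Sort-Object Role, Account | Format-Table -AutoSize
```

Entries reported as "Other (review manually)" do not match any of the three patterns listed above.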

Now that we know which groups our users must belong to, we can delete our test accounts.

All that remains are the accounts we used in a previous tutorial.