Home > Citrix, XenDesktop > XenDesktop 5: Using Active Directory-Based Controller Discovery

XenDesktop 5: Using Active Directory-Based Controller Discovery

December 14th, 2011

VDI desktops in a XenDesktop environment need to be able to register with a controller or multiple controllers so they can be managed by the broker and allow connections by clients.

In XenDesktop 4 the default was having the controller information held in an Active Directory OU. During installation you specified an AD OU and the controller installation added the AD objects to the OU so the Citrix Virtual Desktop Agent (VDA) that is installed within the guest OS could find the correct delivery controllers.

This has changed in XenDesktop 5 where the controller information isn’t by default added to AD and the client VDA is configured with the DNS names of the controllers (best to have at least two for redundancy) in the following registry key:
HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfDDCs (REG_SZ)

In this example my controllers are lonxd01.lab.int and nycxd01.lab.int


I think storing the controller information in AD which was the default in XenDesktop 4 was a great way of doing things as it gave you one less client VDA configuration setting to manage. If the controller information is stored in the registry and you need to add or remove a controller you have to reconfigure every client which can be a lot of work. If the controller information is stored in AD you can amend the setting in AD and all clients will be able to find the new controller without any VDA configuration change.

When you install the VDA you specify how to connect to the controller. The options are:

  1. Manually enter controller location (which is the default DNS option in XenDesktop 5)
  2. Select from Active Directory
  3. Configure at a later time


If you choose Select from Active Directory and you don’t have any controller information currently in AD there won’t be any option available to select.

To add the controller information into AD you need to have an account with the necessary rights on an OU. I use a service account for XenDesktop called LAB\LAB-SVC-XD which has Read and Write rights in AD on my VDI OU so it can manage the VDI computer accounts and also the controller information.


I am going to place the controller information objects in this OU.

Citrix provides a PowerShell script called Set-ADControllerDiscovery.ps1 to add the information into AD.

On one of your delivery controllers, logon as the account that has the necessary rights on the OU you would like to use in AD and navigate to:
C:\Program Files\Citrix\Broker\Service\Setup Scripts

Launch PowerShell.exe

Run the following PowerShell command script using your own OU and domain name

.\Set-ADControllerDiscovery.ps1 -on -existingOuDn "ou=VDI, dc=lab, dc=int"


You then need to restart the Citrix Broker Service on all the controllers in the site to complete the configuration change.

If you now look in your OU, you will see the script has created three objects which specify the controller information.


You can now go back to your client and either when installing from scratch or amending an existing install from Add/Remove Programs you can choose Select from Active Directory and choose your site name and complete the configuration.


If you check the Registry you will now see there is a FarmGUID entry which is populated with the Site GUID rather than ListofDDCs.


In the Set-ADControllerDiscovery.ps1 script the comments say that you have a choice of either DNS controller discovery or AD but not both.

If the XenDesktop site is switched from one discovery method to the other, all virtual desktop machines already in existence will need their registry values updated accordingly or they will fail to discover the Desktop Delivery Controllers and will not be available to end users.

I tested this by setting the site to AD discovery and not changing the VDA so it was still using DNS discovery and the desktop still registered with the AD controller. I’m not sure why Citrix says you can’t use both client options at the same time as basically both options are just for finding controller DNS names and then registering. Both options seem to work fine together so I’m not sure why Citrix says you can’t use both.

Categories: Citrix, XenDesktop Tags: ,
  1. Chaitanyakumar
    November 30th, 2012 at 10:54 | #1

    Good information… thanks for sharing..

  1. No trackbacks yet.
Comments are closed.