FAQ: What are the recommendations for Active Directory Environments when integrated with XenApp?
Article ID: CTX209934
Updated On:
Description
Question 1: What are the recommendations for Active Directory when accessing XenApp ?
Answer 1: Citrix recommends the following configuration for server farms with Active Directory:
- XenApp servers are in their own Organizational Units (OUs).
- Create OUs for application silos, keeping servers from different silos organized in their own OUs. (You can, however, create application silos that span multiple OUs.)
- All servers reside in the same domain.
- The server farm domain has no trust relationships with non-Active Directory domains, as this can affect operations requiring trusted domains.
- The server farm is in a single Active Directory forest. If your farm has servers in more than one forest, users cannot log on by entering user principal names (UPNs). UPN logons use the format username@UPN identifier. With Active Directory, UPN logons do not require a domain to be specified, because Active Directory can locate full UPN logons in the directory. However, if the server farm has multiple forests, problems occur if the same UPN identifier exists in two domains in separate forests.
NOTE : Important: Citrix XenApp does not support UPN logons if a server farm spans multiple Active Directory forests.
Question 2: Which Active Directory Groups are recommended for Access to Citrix Management Consoles (Citrix App Center, Citrix Delivery Services Console, Citrix Studio, Citrix Director)?
Answer 2: Domain Global Groups are the recommended and best option as there are no adverse affects or restrictions when using them. You can also use Domain Local Groups and Universal Groups but they have some caveats refer to the Citrix Documentation section for further details on this.
Question 3: Which Active Directory Groups are recommended for Access to XenApp published applications for users?
Answer 3: Domain Global Groups are also recommended and the best option for user access to published applications as there are no adverse affects or restrictions when using them. You can also use Domain Local Groups and Universal Groups but they have some caveats refer to the Citrix Documentation section for further details on this.
Question 4: Can we use Active Directory Federation Services with XenApp ?
Answer 4: Yes , XenApp supports Active Directory Federated Services (AD FS) when used with the Citrix Web Interface or Citrix StoreFront.
Question 5: Can you use XenApp in a Microsoft Active Directory Multiple Forest Environment?
Answer 5: Yes, if you are running minimum level of XenApp 7.5 or XenDesktop 7.1 (See documentation below for how to achieve this).
Question 6: What Active Directory Trust should be used with XenApp ?
Answer 6: XenApp/XenDesktop supports many different Active Directory trusts (Single , Two-way , Transitive, Bi-directional, shortcut, etc...) you need to review your environment and decide which is the best option for you and your users.
Question 2: Which Active Directory Groups are recommended for Access to Citrix Management Consoles (Citrix App Center, Citrix Delivery Services Console, Citrix Studio, Citrix Director)?
Answer 2: Domain Global Groups are the recommended and best option as there are no adverse affects or restrictions when using them. You can also use Domain Local Groups and Universal Groups but they have some caveats refer to the Citrix Documentation section for further details on this.
Question 3: Which Active Directory Groups are recommended for Access to XenApp published applications for users?
Answer 3: Domain Global Groups are also recommended and the best option for user access to published applications as there are no adverse affects or restrictions when using them. You can also use Domain Local Groups and Universal Groups but they have some caveats refer to the Citrix Documentation section for further details on this.
Question 4: Can we use Active Directory Federation Services with XenApp ?
Answer 4: Yes , XenApp supports Active Directory Federated Services (AD FS) when used with the Citrix Web Interface or Citrix StoreFront.
Question 5: Can you use XenApp in a Microsoft Active Directory Multiple Forest Environment?
Answer 5: Yes, if you are running minimum level of XenApp 7.5 or XenDesktop 7.1 (See documentation below for how to achieve this).
Question 6: What Active Directory Trust should be used with XenApp ?
Answer 6: XenApp/XenDesktop supports many different Active Directory trusts (Single , Two-way , Transitive, Bi-directional, shortcut, etc...) you need to review your environment and decide which is the best option for you and your users.
Additional Resources
-
Citrix Documentation - Recommendations for Active Directory Environments (XenApp 6.5)
-
Citrix Documentation - Active Directory (XenApp/XenDesktop 7.5)
-
Citrix Documentation - Deploy in a multiple forest Active Directory environment
-
Citrix Documentation - Active Directory (XenApp/XenDesktop 7.6)
-
CTX122417 - Using XenDesktop with Multiple Active Directory Forests
Issue/Introduction
This article goes some questions and answers when integrating Microsoft Active Directory and XenApp.
Additional Information
Was this article helpful?
Yes
No
Powered by
