Active Directory is required for authentication and authorization. The Kerberos infrastructure in Active Directory is used to guarantee the authenticity and confidentiality of communications with the Delivery Controllers. For information about Kerberos, see the Microsoft documentation.
You need any of these functional levels for the forest and domain:
To use Policy Modeling, the domain controller must be running on a server whose operating system is Windows Server 2003 to Windows Server 2012 R2; this does not affect the domain functional level.
Optionally, Virtual Delivery Agents (VDAs) can use information published in Active Directory to determine which Controllers they can register with (discovery). This method is supported primarily for backward compatibility, and is available only if the VDAs are in the same Active Directory forest as the Controllers. For information about this discovery method see Active Directory OU-based Controller discovery and CTX118976.
In an Active Directory environment with multiple forests, if one-way or two-way trusts are in place you can use DNS forwarders for name lookup and registration. To allow the appropriate Active Directory users to create computer accounts, use the Delegation of Control wizard. Refer to Microsoft documentation for more information about this wizard.
No reverse DNS zones are necessary in DNS infrastructure if appropriate DNS forwarders are in place between forests.
Set the value to 1.
You might need reverse DNS configuration if your DNS namespace is different than that of Active Directory.
To obtain your domain SID, use ADExplorer or XDPing.
After the ListOfSIDs registry key has been added and the brokeragent.exe.config file has been edited, you will need to restart the Citrix Desktop Service so that the changes will be applied.
|Trust type||Transitivity||Direction||Supported in this release|
|Parent and child||Transitive||Two-way||Yes|
|External||Nontransitive||One-way or two-way||Yes|
|Forest||Transitive||One-way or two-way||Yes|
|Shortcut||Transitive||One-way or two-way||Yes|
|Realm||Transitive or nontransitive||One-way or two-way||No|
For more information about complex Active Directory environments, see CTX134971.