In this article:
Director can support multi-forest environments spanning a forest configuration where users, Domain Delivery Controllers (DDC), VDAs, and Directors are located in different forests. This requires proper set up of trust relationships among the forests and configuration settings.
The recommended configuration requires creation of outgoing and incoming forest trust relationships among the forests with domain-wide authentication.
The trust relationship from the Director enables the administrator to troubleshoot issues in user sessions, VDAs and Domain Controllers located in different forests.
Important: When you change a setting in IIS, the Director service automatically restarts and logs off users.
To configure advanced settings using IIS:
Platinum licenses retain data for 90 days by default. For more information on configurations see Data granularity and retention.
Director uses Active Directory to search for users and to look up additional user and machine information. By default, Director searches the domain or forest in which:
Director attempts to perform searches at the forest level using the Active Directory global catalog. If the administrator does not have permissions to search at the forest level, only the domain is searched.
Searching or looking up data from another Active Directory domain or forest requires that you explicitly set the domains or forests to be searched. Configure the following setting:
Connector.ActiveDirectory.Domains = (user),(server)
The value attributes user and server represent the domains of the Director user (the administrator) and Director server, respectively.
To enable searches from an additional domain or forest, add the name of the domain to the list, as shown in this example:
Connector.ActiveDirectory.Domains = (user), (server), <domain1>, <domain2>
For each domain in the list, Director attempts to perform searches at the forest level. If the administrator does not have permissions to search at the forest level, only the domain is searched.
In an environment with multiple forests, Director does not show the session details of users from other forests who have been assigned to the XenDesktop Delivery Group using the domain local group.
If Director is already installed, configure it to work with multiple Sites. To do this, use the IIS Manager Console on each Director server to update the list of server addresses in the application settings.
Service.AutoDiscoveryAddresses = SiteAController,SiteBController
where SiteAController and SiteBController are the addresses of Delivery Controllers from two different Sites.
Service.AutoDiscoveryAddressesXA = FarmAController,FarmBController
where FarmAController and FarmBController are the addresses of XenApp controllers from two different farms.
DirectorConfig.exe /xenapp FarmControllerName
By default, the Activity Manager in Director displays a list of all running applications for a user's session. This information can be viewed by all administrators that have access to the Activity Manager feature in Director. For Delegated Administrator roles, this includes Full administrator, Delivery Group administrator, and Help Desk Administrator.
To protect the privacy of users and the applications they are running, you can disable the Applications tab from listing running applications.
UI.TaskManager.EnableApplications = false