You are talking about using SID history which is slightly different. Using SID history mean that groups or users will have the same SID in either domain. Citrix uses the SID rather then the names of groups as should most apps. If you are simply moving apps or servers form one domain to another without using SID history, then the same group name in each domain will have a different SID, and you will have to repermission any resources so they use the new SID. Malcolm -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Kwaj Dude Sent: 19 January 2006 21:19 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: How crazy would it be.... What we recently ran into is groups were migrated from one domain to another keeping the SID. Worked great for access to shares/folders based on group membership, totally didn't work with published apps access based on group membership. Perhaps it does track SIDs, but based on the behavior that we observed it certainly didn't fly with migrating across domains. On 1/18/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx <mailto:Malcolm.BRUTON@xxxxxxxx> > wrote: I'm not sure that statement is right. If you rename a group in AD it will update it to the new name in the CMC on published apps. Therefore it must be using the SID. Best way is to test it.... You can have a farm in multiple domains at once. You obviously just need to be careful with permissioning the right resources from each domain. I have seen issues with RM that is split between domains (an NT4 domain and an AD domain) where not everything works. Such as, you lose the ability to run some reports in the CMC based on group membership and you must run it only individual user accounts instead. Hope this helps Malcolm -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx <mailto:thin-bounce@xxxxxxxxxxxxx> ] On Behalf Of Kwaj Dude Sent: 18 January 2006 02:05 To: thin@xxxxxxxxxxxxx <mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Re: How crazy would it be.... As far as published apps go, Citrix only looks at account names/group names - SIDs mean nothing. As long as the domain and te usernames remain the same it shouldn't be an issue. On 1/18/06, Jen hen <jen.work@xxxxxxxxx <mailto:jen.work@xxxxxxxxx> > wrote: to migrate a complete citrix farm to a new AD forest? There will be trusts between forests. The farm is not yet productional, so it can take a few hick-ups. Currently all the infrastructure pieces are 4.0 but the PS servers are 3.0 with SP 2005.04. Thanks! Jennifer Henske **************************************************************************** ******* The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbs.co.uk/CBFM <http://www.rbs.co.uk/CBFM> http://www.rbsmarkets.com <http://www.rbsmarkets.com/> **************************************************************************** ****