Another bit of info. I have isolated this down to Web Interface authentication. If the Web Interface is configured for PassThru authentication, apps published to domain local groups do not enumerate. If I use explicit authentication, the apps enumerate properly. Tried the PassThru with and without Kerberos to no avail. If I can find a way to keep PassThru auth, that is going to be ideal.

On Tue, Dec 7, 2010 at 10:44 AM, Christopher Wilson <christofire@xxxxxxxxx> wrote:

> I have to use domain local groups because it is a separate forest being
> trusted, as opposed to two domains in the same forest, in which case I would
> do globals into a universal.
>
> On Mon, Dec 6, 2010 at 8:20 PM, Magnus Hjorleifsson <magnus@xxxxxxxx> wrote:
>
>> Use domain global groups in each of the domains; put the global groups
>> in a universal group in one of the domains. Much easier to manage.
>>
>> Sent from my iPhone
>>
>> On Dec 6, 2010, at 14:27, "Raffensberger, Stephen D" <sraffens@xxxxxxxxxxx> wrote:
>>
>> Are they Universal groups or Global groups?
>>
>> *Steve Raffensberger*
>>
>> Produban US
>>
>> sraffens@xxxxxxxxxxx
>> ------------------------------
>>
>> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On Behalf Of* Christopher Wilson
>> *Sent:* Monday, December 06, 2010 12:28 PM
>> *To:* thin@xxxxxxxxxxxxx
>> *Subject:* [THIN] Publishing apps to Domain Local groups
>>
>> Greetings all.
>>
>> I have an integration problem I'm hoping someone might have some insight
>> on.
>>
>> *Here's the situation:* Merger Closed Friday. Integration in progress.
>> Need to publish Citrix apps to both companies' users.
>>
>> *Citrix Setup:* One farm CPS 3.0/Windows 2003, one farm XenApp 5/Windows
>> 2008 sp2. Both have the same issue.
>>
>> *AD set up:* Our users are in a domain with an empty forest root above
>> it. Their users are in a domain with an empty forest root above it. A
>> trust exists between the two forest roots.
>>
>> *Problem:* To publish apps to the other domain I **should** be able to
>> publish Citrix apps to a domain local group in my domain, and add users from
>> both domains to that domain local security group. What I am seeing is that
>> for applications published to a domain local group, users in that group from
>> our domain see the app, but members from the other domain do not see the
>> app.
>>
>> I can publish the application explicitly to users in the other domain and
>> they can see and access the application. This is not an optimal approach.
>> Trying to get the domain local group working for all users.
>>
>> Has anyone run into this issue before and do you have any recommendations?
>>
>> Thanks for any help you can offer.
>>
>> Best regards,
>>
>> Christopher