i have a setup that i have couple of domains (different forests ex: lab1.local, lab2.labs) that have trust between them.
one domain has the groups that controls the resources i publish on the APM.
those groups have users from the multiple domain.
currently i have configured the APM as follow
1) configured trusted domains with the root to be the domain that have the groups
2) logon page to split domain from user
3) AD Auth: use cross domain, and chosen the trusted domain object
4) adquery: use cross domain, and chosen the trusted domain object
after the adquery i have put in a logging agent to log session.* and the memberOf of the user shows only the group the user is member of from it's local domain. the adquery does not map the user the groups it is member of from my "main" domain that the APM monitors the groups
any ideas ?
i am moving this customer from citrix to APM and his citrix setup do allow this kind of functionality