To be able to connect to a remote desktop, users must belong to the local Remote Desktop Users group of the remote desktop. You can use the Restricted Groups policy in Active Directory to add users or groups to the local Remote Desktop Users group of every remote desktop that is joined to your domain.
The Restricted Groups policy sets the local group membership of computers in the domain to match the membership list settings defined in the Restricted Groups policy. The members of your remote desktop users group are always added to the local Remote Desktop Users group of every remote desktop that is joined to your domain. When adding new users, you need only add them to your remote desktop users group.
These steps apply to the Active Directory server on the domain on which Horizon 7 virtual desktops or published desktops and applications are joined.
Prerequisites
Create a group for remote desktop users in your domain in Active Directory. For example, create a group named "Horizon Users".