To effectively map users to desktops, applications, and tenant administration functions within the Horizon Cloud Service platform, it is prudent to create groups in AD for each type of role, function, and access.
Keep the following points in mind to maintain compatibility with the Horizon Cloud Service platform:
- Avoid nesting – Do not create nested groups to ensure efficient AD object lookups. User objects are the only members of a group.
- Avoid mixing – Do not mix members from multiple domains (child or trusted) in the same group.
- Create groups – Create separate groups for tenant administration, help desk support, testing and validation users, and production users. If multiple domains are configured for a Horizon Cloud Service tenant, IT administrators should create similar groups for tenant administration, help desk support, testing and validation users, and production users for each individual domain. Tenant administrators have access to the Horizon Cloud Service Administration Console. Testing, validation, and production user groups are used to provision access to Horizon Cloud Service desktops and applications.