You can configure domain filters to limit the domains that a Connection Server instance or security server makes available to end users.
VMware Horizon determines which domains are accessible by traversing trust relationships, starting with the domain in which a Connection Server instance or security server resides. For a small, well-connected set of domains, VMware Horizon can quickly determine a full list of domains, but the time that this operation takes increases as the number of domains increases or as the connectivity between the domains decreases. VMware Horizon might also include domains in the search results that you would prefer not to offer to users when they log in to their remote desktops.
If you have previously set the value of the Windows registry key that controls recursive domain enumeration (HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\RecursiveDomainEnum) to false, recursive domain searching is disabled, and the Connection Server instance uses only the primary domain. To use the domain filtering feature, delete the registry key or set its value to true, and restart the system. You must do this for every Connection Server instance on which you have set this key.
The following table shows the types of domain lists that you can specify to configure domain filtering.
Domain List Type | Description |
---|---|
Search exclusion list | Specifies the domains that VMware Horizon can traverse during an automated search. The search ignores domains that are included in the search exclusion list, and does not attempt to locate domains that the excluded domain trusts. You cannot exclude the primary domain from the search. |
Exclusion list | Specifies the domains that VMware Horizon excludes from the results of a domain search. You cannot exclude the primary domain. |
Inclusion list | Specifies the domains that VMware Horizon does not exclude from the results of a domain search. All other domains are removed apart from the primary domain. |
The automated domain search retrieves a list of domains, excluding those domains that you specify in the search exclusion list and domains that are trusted by those excluded domains. VMware Horizon selects the first non-empty exclusion or inclusion list in this order.
- Exclusion list configured for the Connection Server instance.
- Exclusion list configured for the Connection Server group.
- Inclusion list configured for the Connection Server instance.
- Inclusion list configured for the Connection Server group
- VMware Horizon applies only the first list that it selects to the search results.
- If you specify a domain for inclusion, and its domain controller is not currently accessible, VMware Horizon does not include that domain in the list of active domains.
- You cannot exclude the primary domain to which a Connection Server instance or security server belongs.
- The primary domain will always be available in the list even though it is added to the search exclusion list or the exclusion list.
- Connection server configurations take precedence over cluster settings. Adding or removing domains for the connection server ignores the cluster-level configuration.
- When you add a domain to the inclusion list, ensure it is not present in the search exclusion list or the exclusion list. If it is present in either of both of those lists, remove it from them.