Server 2012 VDI collection require two-way trust when adding user group of external domain
This article provides a solution to an error that occurs when you try to add DomainB\RD_USER_GROUP directly to VDI collection in DomainA.
Applies to: Windows Server 2012 R2
Original KB number: 2877933
Symptoms
Consider the following scenario:
RDCB and RDVH are in DomainA.
RD users are in DomainB\RD_USER_GROUP, RD_USER_GROUP is a "Security Group - Universal".
DomainA and DomainB are in different forests.
DomainA one-way trusts DomainB.
When you tried to add DomainB\RD_USER_GROUP directly to VDI collection in DomainA, we got an error "The security identifier could not be resolved. Ensure that a two-way trust exists for the domain of selected users".
Cause
Two-way trust is required for this scenario to work.
Resolution
Change one-way trust to two-way trust.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for