
Multiple A/D domains

Gerry Locke


Apologies if this is a repeat of other questions - I have looked at some of the suggestions, but I don't think they applied.


My organisation is in the process of merging 4 different domains into 1. We have been using Citrix for years in domainA, and we have the storefront set up so that anyone from domain A and any of the merging domains can log onto the storefront from our internal network. Users from domainA have also been able to log on from the internet for years by using our Netscaler device. What I want to do now is to allow users from the merging domains to also be able to get in via the Netscaler device. What I have done so far is:


1. Created a new server under System\Authentication\LDAP\Servers

2. Created a new policy under System\Authentication\LDAP\policies


Do I now need to bind the new policy to our virtual server (of which there is only 1)? When I do this, will the policy that is already bound remain? If so, is this what I need to do to bind the new policy?


1. Go to Netscaler Gateway\Virtual Servers

2. Click on our Virtual Server (there is only 1)

3. Click the Edit button

4. Scroll down to and click on Authentication\LDAP Policies

5. Click on the new policy I have created

6. Click the Bind button

7. Select the checkbox beside the new policy

8. Click Insert?



Sorry - I know this is probably a pretty basic question. We usually get an external contractor to do any changes like this, but I figure if I can do it myself, why pay someone else to do it?



Hi, Thanks for your reply. I'm not sure if I have done something wrong, or if I am just missing something, but I have created an LDAP policy, pointing to the D/C in the new domain I want to authenticate to, I have created the expression thing, but for the life of me I can't see how to bind the new policy to the virtual server. In Netscaler, I click on Virtual Servers, I then click on the Virtual Server, click Edit, scroll down to Authentication, where it says '2 LDAP Policies'. I click on where it says 2 LDAP policies, I click on the new policy I created, I click the Bind button, I then select the checkbox beside the new policy.....but what do I click next? Do I need to click anything next? Or does the fact that the LDAP policy is shown indicate that it is already bound? If that is the case, it doesn't appear to be authenticating. I noticed 'routes' today and there isn't a route to the network that the DC for the new domain is on. Do I maybe need to add one? (I really don't know what I am doing at this point, as you may have noticed!)




UPDATE - Looks like I might be halfway there. I am now able to get past the Netscaler gateway, but when I get to what should be the Storefront login page (I am automatically redirected there from the Netscaler login page), I get a message 'Cannot complete your request'. I guess this means that Netscaler has managed to authenticate me (previously I was just getting an 'invalid username or password' message), but now the Storefront is failing. I have added the new domain to the 'trusted domains' list under 'authentication' on the Storefront. Do I need to remove an Authentication Method on our Storefront? Currently we have 'username and password', 'domain passthrough' and 'pass through from Netscaler gateway' selected.


Another Update - got it working! Thanks for your help
