Server 2012 VDI collection require two-way trust when adding user group of external domain
This article provides a solution to an error that occurs when you try to add DomainB\RD_USER_GROUP directly to VDI collection in DomainA.
Applies to: Windows Server 2012 R2
Original KB number: 2877933
Consider the following scenario:
RDCB and RDVH are in DomainA.
RD users are in DomainB\RD_USER_GROUP, RD_USER_GROUP is a "Security Group - Universal".
DomainA and DomainB are in different forests.
DomainA one-way trusts DomainB.
When you tried to add DomainB\RD_USER_GROUP directly to VDI collection in DomainA, we got an error "The security identifier could not be resolved. Ensure that a two-way trust exists for the domain of selected users".
Two-way trust is required for this scenario to work.
Change one-way trust to two-way trust.