Why domain admin can not use mstsc to the DC after I added a user to remote desktop group?

Oscar
Oscar used Ask the Experts™
on
For a poroject temporary I added a user to the "domain admin group" and in order to remotly connect to the DC I also added to Built-in "Remote desktop Group". Now the user is able to connect remotly but not domain admin. any reason?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Go to the DC, open taskmanager...select users tab. You should be seeing a 'disconnected' user. Select and logoff that user. You only have 2 'free' terminal services connections on the DC. As long as the 'domain admin' and the remote desktop user log off any sessions instead of just close the window...both users should have access. Closing the window disconnects and maintains one of those two connections. If you want more than 2 connections, you will have to purchase and install the licenses for terminal services.
Top Expert 2010
Commented:
if you want 3rd connection then go to start>run and type in:
mstsc /console

You can log in that way and then log off disconnected users.
OscarIT support

Author

Commented:
Hi Guys,  - It was not the number of connection, as soon as I added a user to the Active Directory,  built-in, "Remote Desktop Users" group then the domain admin could not login remotely any more.
Here is how I resolve it.
Instead of adding only that user to the "Remote Desktop Users" group I added Domain Admin as well and now both can login in.
I did not know that when you put any user to this group then it means that you are changing the sort of Domain policy and it means you really mean only this user or only users on this group...  
OscarIT support

Author

Commented:
Hope you all agreed to point distribution.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial