Cannot add Domain Group to local Remote Desktop Users group
Posted on 2011-03-18
We have an issue where we cannot add any domain groups to the local Remote Desktop Users group on our Server 2008 R2 Enterprise remote desktop server.
I had created a new group in AD called RemoteConnect and put the Domain Admins group in this security group.
I then tried adding this group to the Remote Desktop Users and an error comes up saying "RemoteConnect already a part of the Remote Desktop Users group."
When I try to add the domain users or domain admins group directly into the Remote Desktop Users group it comes up with the same thing: "Domain Admins group already a part of the Remote Desktop Users group."
It is not - the only group in the Remote Desktop Users group is the local administrator.
From my experience it seems as though the groups are not being truly recognized by the Terminal Server machine as when the group is added to the RSU group it is followed by a group of numbers, I.E. [domain]\Domain Users (S-1-5-21-3964760088-388....).
I am saying this because recently we changed the NetBIOS name of our domain from hairylemon0 to hairylemon, although this was done BEFORE this new terminal server was connected to the domain.
I have also tried adding the group directly into TS_CAP_01, when I try to add the RemoteConnect group or the Domain admins group it doesn't even show up in the list, when I try to add the domain users group it comes up in the list as "[servername]\None"
I have added the RemoteConnect group to the "Local Policies -> User Rights Assignments -> Allow Logon through remote desktop services" policy - this has not allowed the Domain Admins to log on.
Any help would be appreciated.