Opening an RDP session problem
My environment,
WIndows 2000 SP4 DC
I added a second DC WIndows 2008 R2
Everything went fine, ADPREP, DCPROMO, no replication errors, no DNS errors, no FRS errors
5 FSMO roles are still on the 2000 DC but will be soon moved to the 2008 DC
I just installed RDS services on the 2008 DC
I can open RDS session only with users with administrator rights
Regular user cannot open RDS session
(it tells me that this user account is not authorized to open a remote desktop session)
The problem is that the group "Remote Desktop Users" does not exist in AD !!!!! Very strange...
I know it is not recommended for security reasons to add RDS services to a DC but I must do that way. And now I must find a way to open RDS session for regular (not administrator) users
Thank you for your help
WIndows 2000 SP4 DC
I added a second DC WIndows 2008 R2
Everything went fine, ADPREP, DCPROMO, no replication errors, no DNS errors, no FRS errors
5 FSMO roles are still on the 2000 DC but will be soon moved to the 2008 DC
I just installed RDS services on the 2008 DC
I can open RDS session only with users with administrator rights
Regular user cannot open RDS session
(it tells me that this user account is not authorized to open a remote desktop session)
The problem is that the group "Remote Desktop Users" does not exist in AD !!!!! Very strange...
I know it is not recommended for security reasons to add RDS services to a DC but I must do that way. And now I must find a way to open RDS session for regular (not administrator) users
Thank you for your help
elawad
what is you domain functional level?
ASKER
Windows 2000 native
5 FSMO roles are on the 2000 DC
ALso I noticed that many buit-in groups are missing in AD in the buit-il container
- remote desktop users group
- TS servers licencin g group
5 FSMO roles are on the 2000 DC
ALso I noticed that many buit-in groups are missing in AD in the buit-il container
- remote desktop users group
- TS servers licencin g group
is it possible to raise the domain functional level to 2003 and try searching again for the needed groups.
ASKER
No I cannot since I have a 2000 DC with all 5 FSMO roles
but are you planning to transfer the FSMO roles to the new windows server 2008 DC?
ASKER
Yes I am planning to do that
Do you think that is my problem ?
Do you think that is my problem ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes It was related to FSMO roles. I transfert all 5 roles from the 2K to the 2K8 server and the problem was solved immediately
Thank you for your help
Thank you for your help