[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Opening an RDP session problem

Posted on 2011-10-31
8
Medium Priority
?
435 Views
Last Modified: 2012-05-12
My environment,
WIndows 2000 SP4 DC
I added a second DC WIndows 2008 R2
Everything went fine, ADPREP, DCPROMO, no replication errors, no DNS errors, no FRS errors
5 FSMO roles are still on the 2000 DC but will be soon moved to the 2008 DC

I just installed RDS services on the 2008 DC

I can open RDS session only with users with administrator rights
Regular user cannot open RDS session
(it tells me that this user account is not authorized to open a remote desktop session)

The problem is that the group "Remote Desktop Users" does not exist in AD !!!!! Very strange...

I know it is not recommended for security reasons to add RDS services to a DC but I must do that way. And now I must find a way to open RDS session for regular (not administrator) users

Thank you for your help
0
Comment
Question by:gadsad
  • 4
  • 4
8 Comments
 
LVL 7

Expert Comment

by:elawad
ID: 37060985
what is you domain functional level?
0
 

Author Comment

by:gadsad
ID: 37061157
Windows 2000 native

5 FSMO roles are on the 2000 DC

ALso I noticed that many buit-in groups are missing in AD in the buit-il container
- remote desktop users group
- TS servers licencin g group
0
 
LVL 7

Expert Comment

by:elawad
ID: 37061375
is it possible to raise the domain functional level to 2003 and try searching again for the needed groups.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:gadsad
ID: 37061416
No I cannot since I have a 2000 DC with all 5 FSMO roles
0
 
LVL 7

Expert Comment

by:elawad
ID: 37061457
but are you planning to transfer the FSMO roles to the new windows server 2008 DC?
0
 

Author Comment

by:gadsad
ID: 37061500
Yes I am planning to do that
Do you think that is my problem ?
0
 
LVL 7

Accepted Solution

by:
elawad earned 2000 total points
ID: 37061526
well it could be related to this issue, but to narrow down the possibilities we need to try this first if you dont have applications that are not going to work with 2003 domain functional level.
0
 

Author Closing Comment

by:gadsad
ID: 37086245
Yes It was related to FSMO roles. I transfert all 5 roles from the 2K to the 2K8 server and the problem was solved immediately

Thank you for your help
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question