how does the connection happen between AD and the RDS server?

Trying to better understand the connection between Active Directory and the RDS server.  We have a VM that runs our terminal (RDS) server and another VM for DHCP/DNS/AD of course.  When I add a user to the domain it adds it in AD as a member of the domain users group.  I then have to add the user to the Remote Operators group and VPN users group if this user needs to connect remotely.  My question is:  Where and how does the connection happen on the server running AD when I add the group of Remote Operators and VPN users to the user?  I know that the RDS server role is setup for this but how does adding a user to the group TALK or connect to the RDS server?  Sorry if I'm not asking this correctly.
Who is Participating?
There are multiple threads here
When you logon through rd web, Rd web directly ask DC to authenticate through IIS api
When u trying to connect to rdsh through remote apps, the connection get forwarded to rd connection broker which in turn authenticate user with Ad again, this process can be seamless to user
After that u can connect to rdsession host
If you are trying to access rdsh from internet, rd gateway come in picture, in that case it 1st authenticate user with AD, then pass connection to rd connection broker, it again need authentication and do it via AD, again process can be seamless to user if sso is implemented
In short, before u connect to rd session host server, you must connect to rd connection broker and also authenticate with Ad via him, connection broker is key here
Joe FulginitiNetwork EngineerCommented:
When you configure your RDS server, you define groups that are allowed to connect to a RDS session. When a user attempts to connect to the RDS server, the RDS server asks AD if the user is in the authorized group and if the Username and password is correct.  AD sends the response to the RDS server and then the RDS server allows the connection.

For the VPN Group, do your users need to first connect to a VPN before they can connect to the RDS server? if so, that would explain why the users would need to be added to two groups.
mkramer777Author Commented:
Joe.  Where on the RDS server can I find the groups that are defined to allow a user to connect to a RDS session?
what you are doing essentially is to add a group in "remote desktop users" local group on each server through common console so that group members can connect to RDS server
The question you asked in such manner that you need to understand RDS work flow which I believe I have tried to explain
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.