Jump to content

2008 Windows Server Guide

clark544

By clark544
in Windows Server

 Share

Recommended Posts

clark544

clark544

Posted
Posted

Good Morning All,

I'm looking for a guide that generally guides me through the process of taking a network from p2p to Domain/AD/TS type of setup.

I have the domain and TS/AD/DNS/DHCP installed, but I'm really getting hung up on the AD/TS side of it.

Right now I have a domain user that can't login into the TS. I have added them on the AD machine to the group "Remote Desktop Users" as instructed by the TS server, but when I check he TS server that group doesn't exist. Do I need to set something else up to that it pulls from the AD automatically?

Thanks,

NOah

Link to comment
Share on other sites

cluberti

cluberti

Posted
Posted

Did you install the AD role after installing TS on the DC? I'm assuming you've got all these roles on one server - if so, you won't find it. A domain controller can have no local groups, and the RDU group is a local group created by the TS role installer. You'll have to remove the TS role and features and reinstall if this is the case.

Link to comment
Share on other sites
clark544

clark544

Posted
  • Author
Posted
Did you install the AD role after installing TS on the DC? I'm assuming you've got all these roles on one server - if so, you won't find it. A domain controller can have no local groups, and the RDU group is a local group created by the TS role installer. You'll have to remove the TS role and features and reinstall if this is the case.

Negative. They are on two different servers. I think I found my problem....Maybe not.

So I noticed that on the SRV02(the AD/DNS/DC) machine that I was a member of remote desktop users, and I thought this "trickled"down to SRV03 (The TS machine) because they were in the same domain, am I wrong on that?

My previous error went away, but now it says wrong usernme and password. I reset the password on the DC, once again, this should trickle down...correct?

My username isn't found in the local user and groups part of the admin panel, this isn't surprising to me, but should it be?

Link to comment
Share on other sites
cluberti

cluberti

Posted
Posted
So I noticed that on the SRV02(the AD/DNS/DC) machine that I was a member of remote desktop users, and I thought this "trickled"down to SRV03 (The TS machine) because they were in the same domain, am I wrong on that?
On the TS Server itself, there should be a local group called "Remote Desktop Users" - this is not the same as the domain group. You MUST be in the local admins group or the remote desktop users local group on the TS itself.
My previous error went away, but now it says wrong usernme and password. I reset the password on the DC, once again, this should trickle down...correct?
Assuming one domain controller, the change should be immediate.
My username isn't found in the local user and groups part of the admin panel, this isn't surprising to me, but should it be?
Unless you've explicitly added it to a local group, no, it's not surprising.
Link to comment
Share on other sites
clark544

clark544

Posted
  • Author
Posted
On the TS Server itself, there should be a local group called "Remote Desktop Users" - this is not the same as the domain group. You MUST be in the local admins group or the remote desktop users local group on the TS itself.

Awesome. Okay, so say I have 50 some users. Can I create a group called, "TS Server Users" on the DC and push it to the TS and have some sort of alias set up that way. This would make it so only the DC would contain users and all modifications could be done there. Is there an easier way to do with with say group policy or some such mechanism?

Thank you so much for your help that you've provided.

Link to comment
Share on other sites
cluberti

cluberti

Posted
Posted

Sort of, yes. What you do is create a domain security group, put all the domain users you want to be able to use RDP in there, and then add that domain group to the local Remote Desktop Users group on the TS itself. That way you can add/remove users from the domain group without ever having to go back to the TS to configure rdp rights.

Link to comment
Share on other sites
clark544

clark544

Posted
  • Author
Posted
Sort of, yes. What you do is create a domain security group, put all the domain users you want to be able to use RDP in there, and then add that domain group to the local Remote Desktop Users group on the TS itself. That way you can add/remove users from the domain group without ever having to go back to the TS to configure rdp rights.

Great. That's exactly what I'm looking for. Thanks.

Link to comment
Share on other sites
clark544

clark544

Posted
  • Author
Posted
My previous error went away, but now it says wrong usernme and password. I reset the password on the DC, once again, this should trickle down...correct?
Assuming one domain controller, the change should be immediate.

Only one DC. It says wrong password or username.

I have a DC and when I try to remotely it says I am not a part of the remote desktop group, but when I try to add my self...It says I'm already a member of the group. How can this be? It seems to accept the username and pass at this point though.

On the TS when I try to login...It says invalid username and password. But it can see the users/groups on the DC just fine.

Any ideas?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...