Active Directory and Terminal Server


Recommended Posts

I have a domain controller (Server 1) and a termianl server (Server 2). I set up a user in AD and make them a member of the Remote Desktop Users. I granted the Remote Desktop Users the right to lon on through Terminal Services. I can log on through Remote Desktop as the Administrator but not the user which I set up. What am I missing here?

I will be installing terminal services licenses once I get this working. Is it better to have the terminal server also be the licenses server or should I make the other server the license server?

Thanks in advance.

Link to comment
https://www.neowin.net/forum/topic/506510-active-directory-and-terminal-server/
Share on other sites

I have tried everything and I cannot log on to the through terminal services as the user I set up. I can log on locally to the terminal server. I made the domain controller also the license server but the terminal server cannot locate the license server automatically. I have to manually enter the computer name. Any help will be greatly appreciated.

Thanks

If your having problems locating your lic server

http://support.microsoft.com/kb/279561/

How to override the license server discovery process in Windows Server 2003 Terminal Services

http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true

Set preferred Terminal Server license servers

Not sure exactly what you mean by "I have to manually enter the computer name."

Thanks for the reply Budman, but I resolved the license server. I just cannot figure out why I cannot log on to the terminal server through a terminal session with a user other than the Administrator. On the domain controller (in Domain Security Settings) I configured to allow Remote Desktop Users to connect through terminal services. I made the user a member of the Remote Desktop Group. On the terminal server in local security policy I configured Administrators and Remote Desktop Users to log on through terminal services. Here if I remove the Administrators group then I cannot log on through terminal services at all.

I apologize but I am very new to Active Directory. I am just trying to learn by doing. I was under the impression that the above is all I had to do to log on through terminal services. I am not sure why it only lets the administrator log and not the user who is the member of the Remote Desktop Group. It keeps on giving me the message that only members of the Remote Desktop Group can log on through termianl services. The user I careted is a member of the Remote Desktop Group. I just don't understand.

If I am reading what you have done correctly - you have not put the user in the LOCAL Remote Desktop users Group on the terminal server itself.. But in the domain group called the same thing.

This user needs to be placed in "termianl server (Server 2)." Local RD users group..

http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true

Enabling users to connect remotely to the server.

So you put the Domain Remote Desktop Users into the Local RD Users group?

Put the domain "USER" account you want to access the terminal server into the terminal servers local Remote Desktop Users group.

From the previous link I gave

--

It is highly recommended that you use the Remote Desktop Users group to grant individuals access to terminal servers, rather than assigning the required permissions manually

Caution: If you alter the default permissions on the Remote Desktop Users group or remove this group, members of this group might lose the ability to log on remotely to terminal servers.

--

This error "only members of the Remote Desktop Group can log on through termianl services." would sure point to you not having the account in this group.

http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true

Add users to the Remote Desktop Users group

Budman thank you very much for taking the time to help a novice. You are a genious. Everything is working great now. I have two more issues I have to learn or resolve and I will be ready to use this server.

First, I have configured DHCP on the server. Once I did that I knew that I was going to lose internet connectivity. I have learned that what I need to do is to enable DNS forwarding for internet connections. In the forwarders area of the DNS server I typed in my ISP address of the DNS servers. The internet does not work. This is the area I amtotally lost on. Can you hel pme with this also?

My second issue is that I want my terminal server users to have access to a shared printer on Server 1 (I know that this is also the domain controller and should not be a print server). What I did to allow TS users to connect is what you said above except I created a group call TS App Users and made them a member of the Local RD Users group. That way I can just add users to that domain group and give them access to the TS server. I want those same users to have access to the printer but when I log on and try to connect to the printer in AD it says that I don have rights on that computer to connect. It would benice if I can somehow set up the TS User group to have access to the printer as well as the shared folder without the user havain to do anything, but I think that I am getting ahead of myself. That way when a TS App User logs on, the have a mapped drive to the share and a printer all set up. I say that I am getting ahead of myself because this probably involves scripting.

I thank you in advance for taking your valuable time to help me.

I just got my first issue resolved. When I set up DHCP I picked a scope of 192.168.0.100 - 192.168.0.200. The gateway is 192.168.0.1. When I disabled DHCP on the router, I did not change the device IP to 192.168.0.1. I could not ping and IP address outside the network. Now that I can connect to the internet from the servers and the clients, I will work on the printer and share issue I mentioned above. I feel like I am learning alot setting this up. The best way to learn for me is to do.

  bankajac said:

My second issue is that I want my terminal server users to have access to a shared printer on Server 1 (I know that this is also the domain controller and should not be a print server). What I did to allow TS users to connect is what you said above except I created a group call TS App Users and made them a member of the Local RD Users group. That way I can just add users to that domain group and give them access to the TS server. I want those same users to have access to the printer but when I log on and try to connect to the printer in AD it says that I don have rights on that computer to connect. It would benice if I can somehow set up the TS User group to have access to the printer as well as the shared folder without the user havain to do anything, but I think that I am getting ahead of myself. That way when a TS App User logs on, the have a mapped drive to the share and a printer all set up. I say that I am getting ahead of myself because this probably involves scripting.

Printers

You could try and use a logon script for TS Users that would automatically connect to a printer.

To connect to printers use con2prt.exe. It should be located in your Windows/System32 directory on Server 2003.

Shared Drive

In said logon script, put a line saying

net use S: \\server\shared

to connect the S drive to \\server\shared

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Sure, buddy, sure... let's compare the contents of the article to the stupid thumbnail, it's clearly the same thing and it has the same importance, of course.
    • ha..... man we must buy the wrong stuff because every one we've had has had a crease visible at work
    • I mean my expectations right now are near zero so how much lower?
    • Helium Converter 3.3.70.0 by Razvan Serea Helium Converter is a free Windows utility for converting audio files between formats such as MP3, FLAC, AAC, WMA, OGG, and WAV. It supports batch conversion, preserves or updates tag information, and offers features like volume normalization. With a simple interface, it's ideal for users who need to convert large music libraries quickly and efficiently while retaining metadata. Helium Converter key features: Supports file formats: MP3, MP4, FLAC, AAC, M4A, WMA, WAV, OGG, OPUS, APE.... Batch conversion for large music libraries Preserves and edits metadata (ID3, Vorbis Comments, etc.) Volume normalization to equalize loudness Album art extraction and embedding Drag-and-drop interface for quick file selection Adjustable encoding parameters (bitrate, sample rate, channels) Uses internal codecs for consistent performance Supports CUE sheets for split track conversion File renaming based on tags during export Unicode support for international file and tag names Logging of conversion processes for troubleshooting Multi-core CPU support for faster conversions Download: Helium Converter 3.3.70.0 | 39.8 MB (Freeware) Links: Helium Converter Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • JetBrains is increasing YouTrack prices starting this October by David Uzondu YouTrack, the project management and issue tracking tool by JetBrains, is set for its first price increase since 2020. The company announced that new pricing tiers for both its cloud and self-hosted products will take effect on October 1, 2025. The reason, according to JetBrains, is that its pricing has not kept up with the features it has added over the last few years. The platform has expanded to include a full-blown Knowledge Base, integrated Helpdesk tools, and AI assistance features without altering the cost for its customers. Here is a quick breakdown of the primary changes: The standard YouTrack Cloud plan will start at $5.40 per user per month on a monthly subscription. An annual plan will bring that down to $4.50 per user per month. The Helpdesk add-on for cloud users, while still free for up to three agents, will now cost $6 per agent per month for larger support teams. For the self-hosted YouTrack Server, the Helpdesk functionality for teams larger than three agents will be priced at $72 per agent per year. For YouTrack Cloud users, the free plan for up to 10 people is safe and is not changing. If you are on a modern per-user plan, you will see the new prices reflected after the cutoff date. For long-time customers on older legacy user-pack subscriptions, this marks the end of the road. You can renew one final time under your old plan before October 1, 2025. After that, you will be moved to the new per-user model, which offers more flexibility and bumps up storage to 3GB per user. On the other side of the fence is the self-hosted YouTrack Server, which has always been the choice for organizations wanting total control over their data and infrastructure. Your existing perpetual licenses are, well, perpetual; they will not stop working. The price change affects the subscription for updates and support. You can renew this subscription at the current price until the 2025 deadline. After that, all renewals will use the new pricing structure. JetBrains is keeping its user pack tiers, but if your team is larger than 2,000 people, you will need to contact the company for a custom quote. JetBrains says that all subscriptions, new or old, will continue to include the full feature set, including AI assistance and support, without extra fees. Discounts for non-profits, open-source projects, and educational institutions are also sticking around. More details can be found in the official announcement blog post.
  • Recent Achievements

    • Week One Done
      dennis Nebeker earned a badge
      Week One Done
    • One Year In
      timothytoots earned a badge
      One Year In
    • One Month Later
      CHUNWEI earned a badge
      One Month Later
    • Week One Done
      TIGOSS earned a badge
      Week One Done
    • First Post
      henryj earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      466
    2. 2
      +FloatingFatMan
      194
    3. 3
      ATLien_0
      163
    4. 4
      Xenon
      78
    5. 5
      Som
      74
  • Tell a friend

    Love Neowin? Tell a friend!