none
Can Remote Desktop Services (Web Access) be used on a Domain Controller?

    Question

  • I wanted to use Remote Desktop Services (Web Access) be used on a Domain Controller? However I need to configure Local Users and Groups which is not available. Is there a work around for this problem?
    Wednesday, July 10, 2013 11:13 AM

Answers

  • Thank you this link helped a bit. But does not address "the TS Web Access Computers group is empty. Remote App Programs may be unavailable to users." This is configured in Local Users and Groups which I do not have as this is a Domain server. Will RDS web work with out it?

    Also can I use a different port than 3389 for the server like 3394?

    That article explains a work around using which you can install RD WebAccess on a DC. That's not a supported configuration. If you install RD WebAccess on DC, it will not function as it should or as expected.

    As I mentioned in my earlier post, it's not a good practice to to install any roles on DC other than AD DS and DNS and as Meinolf suggested, consider installing RD WebAccess on a member server.


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own.

    This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Blog | Wiki

    Thursday, July 11, 2013 4:02 AM

All replies

  • I am confused by your question, If I am installing Terminal server in PDC then active directory users can access the web console. Are you using 2008 or 2012?
    Wednesday, July 10, 2013 2:27 PM
  • I wanted to use Remote Desktop Services (Web Access) be used on a Domain Controller? 

    You can configure RD Web Access on a DC;  However, its not a good practice. Ideally, DC should have only AD DS and DNS roles installed on it, nothing else.

    http://community.spiceworks.com/how_to/show/2849-configuring-remote-desktop-web-access-on-a-domain-controller

    However I need to configure Local Users and Groups which is not available. Is there a work around for this problem?

    Local Users and Groups will not be available on domain controller.

    http://technet.microsoft.com/en-us/library/cc785020(v=ws.10).aspx


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own.

    This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Blog | Wiki

    Wednesday, July 10, 2013 3:12 PM
  • This is a 2008 R2 Domain Server. If I'm correct and local users are not available, will the EDS (web access) work at all? 
    Wednesday, July 10, 2013 3:44 PM
  • This is a 2008 R2 Domain Server. If I'm correct and local users are not available, will the EDS (web access) work at all? 
    http://community.spiceworks.com/how_to/show/2849-configuring-remote-desktop-web-access-on-a-domain-controller

    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own.

    This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Blog | Wiki

    Wednesday, July 10, 2013 5:18 PM
  • Thank you this link helped a bit. But does not address "the TS Web Access Computers group is empty. Remote App Programs may be unavailable to users." This is configured in Local Users and Groups which I do not have as this is a Domain server. Will RDS web work with out it?

    Also can I use a different port than 3389 for the server like 3394?

    Wednesday, July 10, 2013 7:32 PM
  • I wanted to use Remote Desktop Services (Web Access) be used on a Domain Controller? However I need to configure Local Users and Groups which is not available. Is there a work around for this problem?

    Hello,

    a DC should NEVER be used for RDS. Keep in mind that a DC is the heart of the domain, keeping sensitive inforamtion and security must be lowered so domain users are able to logon to a DC.

    Also it mostly result in using more then one ip address on one or more NICs and a DC run into trouble with multi-homed configuration, you have problems with slow logon, GPOs are not applied correct and lot of more may happen that you are not wanting in your domain.

    In your case it is highly recommended to run a domain member server as RDS machine.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, July 10, 2013 7:44 PM
  • Thank you this link helped a bit. But does not address "the TS Web Access Computers group is empty. Remote App Programs may be unavailable to users." This is configured in Local Users and Groups which I do not have as this is a Domain server. Will RDS web work with out it?

    Also can I use a different port than 3389 for the server like 3394?

    That article explains a work around using which you can install RD WebAccess on a DC. That's not a supported configuration. If you install RD WebAccess on DC, it will not function as it should or as expected.

    As I mentioned in my earlier post, it's not a good practice to to install any roles on DC other than AD DS and DNS and as Meinolf suggested, consider installing RD WebAccess on a member server.


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own.

    This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Blog | Wiki

    Thursday, July 11, 2013 4:02 AM