Hi,
When "the domain admin CANNOT RDP to the DC", what's the error message?
Was the domain admin a member of the administrators group?
Open cmd on the DC as administrator and enter the command: gpresult /h c:\report.html
If possible, please share a screenshot here!
Then check the default domain controller policy, under Allow log on through Remote Desktop Services, to see whether the domain admin was added.
By default, only administrators can RDP to the DCs.
Best Regards,
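
The policy check suggested in the reply above can also be done from the command line. This is an added example, not part of the original reply: it exports the user rights in effect on the DC with secedit and lists who holds "Allow log on through Remote Desktop Services" (SeRemoteInteractiveLogonRight). It goes one step further than the reply by also listing the matching deny right, which overrides the allow right. The scratch file name is an assumption.

```powershell
# Added example (not from the original reply). Run in an elevated PowerShell
# session on the domain controller.
$cfg = Join-Path $env:TEMP 'dc_user_rights.inf'   # hypothetical scratch file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Privilege constants behind the two Remote Desktop logon policy settings.
$rights = [ordered]@{
    SeRemoteInteractiveLogonRight     = 'Allow log on through Remote Desktop Services'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
}

foreach ($right in $rights.Keys) {
    "{0} ({1})" -f $rights[$right], $right
    $match = Select-String -Path $cfg -Pattern "^$right\s*=" | Select-Object -First 1
    if (-not $match) {
        '  (not defined in the exported settings)'
        continue
    }
    # The value is a comma-separated list; SIDs are written with a leading '*'.
    $entries = ($match.Line -split '=', 2)[1] -split ',' | ForEach-Object { $_.Trim() }
    foreach ($entry in $entries) {
        if (-not $entry) { continue }
        if ($entry.StartsWith('*')) {
            $sid = $entry.TrimStart('*')
            try {
                # Resolve the SID to DOMAIN\name so group entries are readable.
                $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = '(SID could not be resolved)'
            }
            "  {0}  {1}" -f $sid, $name
        } else {
            # Entries without '*' are already account names.
            "  {0}" -f $entry
        }
    }
}

Remove-Item $cfg -ErrorAction SilentlyContinue
```

Compare the listed groups with the affected account's group membership; an entry under the deny right that covers the account blocks RDP even when the allow right includes it.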