when logging in to server domain admin account gets non admin privileges

Question

I have several servers in my new Server 2022 domain, that do not allow the domain admin to log into them as a full admin, it gives then restricted rights similar to how an end user would be set up. This is all according to the domain group policy. I cant' figure out why this is. This is a clone of a server 2012 network that works perfectly, so the GPO shouldn't be the issue. I'm trying to add these servers to the server farm I've setup, but the installation failed every time. and I think it's because the access is incorrect I've tried turning off the firewall to make sure that wasn't part of the problem. Since we had some naming and IP address changes in the new environment that I though might be part of the issue, I've removed remote desktop entirely from the network, I removed the WID (Windows internal database), Renamed c:\windows\WID to wid.old I then tried to recreate the remote desktop server farm from scratch but I can't install the feature for the remote desktop session hosts because of this problem. Any and all suggestions at this point are appreciated.

When I try to run the deployment through PowerShell I get the following error:

new-rdvirtualDesktopDeployment -ConnectionBroker "conbroker..." -VirtualizationHost "newhost..."

Unable to install RD Virtualization Host role service on server newhost...

+ CategoryInfo          : NotSpecified: (:) [Write-Error], RDManagementException 

+ FullyQualifiedErrorId : InstallRoleServices,Microsoft.PowerShell.Commands.WriteErrorCommand 

+ PSComputerName        : localhost

Answer 1

Hello,

Does this permission issue occur when logging into the servers locally, or is it only happening with RDP?

It seems that you cannot install the RDS role due to the permission issues on the server?\

Thank you!

Karlie Weng

Answer 2

It does happen when I try to log on directly to the server. I'm sure it's a permissions issue but it's new.

Even my old server 2012 setup no longer allows the domain admin to log into the farm servers so I'm thinking some recent Windows update has resulted in this problem.

Answer 3

Hello,

I apologize for the delay in my response.

I'm still a bit confused about the description of the issue. When you mentioned, "I'm trying to add these servers to the server farm I've setup, but the installation failed every time." are you referring to add servers to collections in RDCB (Remote Desktop Connection Broker)? If so, it sounds like you might be encountering permission issues within the RDS (Remote Desktop Services) environment.

However, when I asked, "Does this permission issue occur when logging into the servers locally, or is it only happening with RDP?" I meant to ask whether the issue happens when you log into the server directly (console access), such as on a server that doesn't have the RDS role installed, or if it only occurs when using RDP.

Thank you for your patience and any additional information you can provide.

Best regards,

Karlie Weng

Answer 4

I've managed to get all the servers added to the RD Server farm. One problem solved.

When I try to log in locally (console access) to the farm servers using the domain administrator account is when I get the restricted access problem.

I would think I should be able to log on using that account on any server in the network.

Answer 5

GPOs can restrict permissions. Check if any new or modified GPOs have been applied to the Domain Admin account or the OU where the account resides.