Installing RD Session Host on a Domain Controller
Applies To: Windows Server 2008 R2
Installing the RD Session Host role service on an Active Directory domain controller is not recommended. Allowing users to run programs on a domain controller could create security risks and performance issues.
If the RD Session Host role service is installed on a domain controller, the security settings of the domain controller will need to be adjusted to allow users to have remote access to the server. This remote access is controlled by the Allow logon through Remote Desktop Services user rights assignment, which can be configured by using the Group Policy Management Console (GPMC).
On a domain controller, by default, only the Administrators group is granted the Allow logon through Remote Desktop Services user right. To allow remote access to the RD Session Host server for users who are not members of the Administrators group, you should grant the Remote Desktop Users group the Allow logon through Remote Desktop Services user right.
For more information about using GPMC to configure user rights assignments, see the Group Policy Management Console Help in Windows Server 2008 R2.
For more information about RD Licensing, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (https://go.microsoft.com/fwlink/?LinkId=140434).