This blog post shows how to deploy RDS on a Domain Controller. I have received a lot of messages over the past months saying that it’s not possible. Firstly, I would personally never recommend deploying RDS on a domain controller, as there are a number of security risks, and best practices get thrown out of the window.
The first thing I have done is deploy a Domain Controller:
I have spun up a Virtual Machine, installed Active Directory and then promoted it to a Domain Controller. Domain being the same as the blog site – Ryanmangansitblog.com
Go to Server Manager, select Add Roles and Features, then select Remote Desktop Services Installation.
Select the Standard Deployment option
Select the Domain Controller for all services, RD Connection Broker, RD Web Access, and RD Session Host.
Once you have confirmed and selected Restart, RDS will start to install.
The installation will fail... But wait, don’t panic, everything still works! I will explain. The Connection Broker installs, but the RD Web and Session Host roles fail. Running the install process again will resolve the issue.
Close the window.
Start the process again.
This time you will see the RD Connection Broker with the Domain Controller name:
Continue all the way to completion:
Once you’re happy, click Deploy.
There you have it. The Domain Controller now has the Connection Broker, Web Access and Session Host roles.
The Other way:
Use the Add Roles and Features wizard, select Remote Desktop Services, Role Services, and then tick Remote Desktop Connection Broker.
Install the RDCB role. Then start an RDS installation and you will see the connection broker role present.
Follow the same process as before.
As you can see the install will not fail.
I hope this helps and answers everyone’s question! You can deploy RDS on a Domain Controller.
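A check for the configuration built above, added here as an example and not part of the original post: it reports which hosts are domain controllers that also carry RDS role services. The function name `Get-RdsOnDcFinding` is hypothetical, and the script assumes the ServerManager module (Windows Server 2012 or later) plus WinRM access for any remote hosts.

```powershell
# Added example (not from the original post). Reports RDS role services that are
# installed on domain controllers.
function Get-RdsOnDcFinding {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $dcRoles = 4, 5
    # Role services from the deployment wizard, plus Gateway and Licensing
    $rdsFeatures = 'RDS-Connection-Broker', 'RDS-Web-Access', 'RDS-RD-Server',
                   'RDS-Gateway', 'RDS-Licensing'

    foreach ($computer in $ComputerName) {
        # Query the local machine directly so WinRM is only needed for remote hosts
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }
        try {
            $cs = Get-CimInstance -ClassName Win32_ComputerSystem @target -ErrorAction Stop
            $installed = @(Get-WindowsFeature -Name $rdsFeatures @target -ErrorAction Stop |
                Where-Object { $_.Installed } | ForEach-Object { $_.Name })
        } catch {
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }

        $isDc = $cs.DomainRole -in $dcRoles
        [pscustomobject]@{
            ComputerName       = $computer
            IsDomainController = $isDc
            RdsRoleServices    = $installed
            # Session Host on a DC means ordinary users get interactive sessions on it
            SessionHostOnDc    = $isDc -and ($installed -contains 'RDS-RD-Server')
            # The Gateway is the externally reachable role
            GatewayOnDc        = $isDc -and ($installed -contains 'RDS-Gateway')
            NeedsReview        = $isDc -and ($installed.Count -gt 0)
        }
    }
}

# Usage: audit the local machine
Get-RdsOnDcFinding
# Remote hosts (names are hypothetical placeholders):
# Get-RdsOnDcFinding -ComputerName 'DC01', 'RDSH01' | Where-Object NeedsReview
```

On the server built in this post, the output shows `IsDomainController` and `SessionHostOnDc` as `True` with all three wizard roles listed.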
For more information please see the following Links:
Remote Desktop Services role cannot co-exist with AD DS role on Windows Server 2012
Installing RD Session Host on a Domain Controller
It didn’t work for Windows Server 2012 R2 domain controller with AD domain and directory services installed. It failed every time.
Check your configuration, Build Version and follow the process provided. This method does work. Reboots during the installation of the roles can resolve the issues you stated.
Thank you, Ryan. What about RD Gateway? Can it be installed on a DC, and I guess, RD Licensing too?
You can install all roles on the DC, but from a security perspective I would strongly recommend having the gateway on another box.
Hi Ryan.
I’m sorry to bother you.
How’s that when you install the RDS services and after restart the server, you cannot access again using MSTSC?
You may want to try /admin
Dear Abel Tana,
I had the same problem as you, after installing RDS in Domain Controller, access via mstsc no longer works, nor using “/ admin”. Were you able to solve this problem? Please, if you could, could you tell us the way? Thank you very much! Julio Rocha
This sounds like a licensing issue, or a certificate issue. You need to review the event logs. If you have installed a certificate for RDP and it’s incorrect, then it can break remote access to the server.
I see that it’s possible to set up everything RDS on a single box. I know it’s not recommended, but when setting up the domain for this server should I use the same domain as their FQDN or a subdomain? (i.e. Contoso.com or AD.contoso.com) The purchased certificate will likely be applied to remote.contoso.com for IIS.
Yes you can. Thanks
Ryan,
Thank you for your article. I had some questions about a setup I’m trying to build out.
I’m looking to create a multi-tenant RDS environment to host RD sessions for 3 different customers.
I’m trying to keep our start cost low and have provisioned 2 servers, Server A and Server B.
Server A: Would be our PDC and we would create an OU for each customer.
Server B: Would be a dedicated RDS for Client A.
Server C (Future Server): Would be a dedicated RDS for Client B.
The items I can’t wrap my head around would be the following.
1. Can I run the following services from our PDC – “Server A”: RD Web Access, RD Licensing, RD Gateway and RD Connection Broker?
2. I’m confused about how the RD Gateway and RD Connection Broker would help me out. I’m not going to be doing any load balancing or running a server farm. My goal would be to spin up a dedicated RDS for each customer as we onboard them. Could this be accomplished with just the RD Gateway and statically assigning an Organizational Unit to only connect to RDS Server X?
Thank you in Advance.
– Ivan
I would avoid using a DC for an RDS deployment. They are fine for labs but not for production. The RD Gateway allows access externally using TLS and SSL (VPN) like connectivity and the connection broker manages reconnects etc.
Thanks for this article... have fought this battle once before, gave up and wiped the server with a fresh reload. Made my day.
Thanks
Jie
Hi,
I’ve tried your suggestions and they just keep failing. I never get to where it says FQDN as connection name for RD broker. The 2nd way you suggest doesn’t come up either. Any ideas? I’d be so grateful. Stuck on this and I’m running out of time.
You need to ensure that all the hotfixes are applied and the server is patched up to date.
All updates are installed. The hotfixes that I’ve found say they’re not applicable to the server. I don’t know what else to do. Any ideas?
The server requires that the client support Enhanced RDP Security with CredSSP. Getting this error.