Windows Server

How to fix this computer is a domain controller: The snap-in cannot be used on a domain controller


Remote Desktop Protocol (RDP) is a special network protocol that allows a user to establish a connection between two computers. For every connection made to a remote PC, the RDP client in Windows (mstsc.exe) saves the computer name or an IP Address and also the username used to log on. See the following guide on how to remove saved RDP credentials in Windows 10. Please see this article on how How to fix this computer is a domain controller: The snap-in cannot be used on a domain controller, domain accounts are managed by ADUC snap-in. Please see how to fix “this snap-in performed a non-valid operation and has been unloaded: To continue using this snap-in restart MMC or try loading the snap-in again.

While creating this guide, I had to simulate this error by launching the Computer Management console. This can also be done via the following shortcut. For other topics on RDP, see the following hyperlinks: How to allow saved credentials for RDP connection, how to remove saved RDP credentials entries in Windows 10, How to prevent the saving of Remote Desktop Credentials in Windows, Remote Desktop can not find the computer FQDN and this might mean that FQDN does not belong to the specified network, and how to disconnect a Remote Desktop User.

- Press Winkey + R to open Run (or just search for it from the search window).
- Type in lusrmgr.msc and press Enter. This is how you can reproduce this error on a Domain Controller.

Reason for the error

In an Active Directory environment, you can use local users and groups available via the Computer Management (MMC console) to enable remote Desktop Connection. The Domain Controller uses the built-in domain group Remote Desktop Users (located in the Builtin container).

You can manage this group from the ADUC console or from the command prompt to manage your Domain Controller. See this guide for this error “The connection was denied because the user is not authorized for remote Login“, and how to enable Remote Desktop Connection on Windows 11 for non-administrators or selected users.


Please see how to fix “Allow RDP access for non administrators: Add User to Remote Desktop Users Group in Active Directory“, and how to save and stop modification to Microsoft Management Console.

Resolution to “The snap-in cannot be used on a domain controller”

To manage remote users on a DC, launch the Server Manager

- Click on Tools,
- And then on Active Directory Users and Computers

This will open the Active Directory Users and Computers snap-in. Double-click on the Remote Desktop users as shown below.

Below are some related guides: How to add a second Domain Controller to your environment. How to Setup a Domain Controller and how to synchronize your Domain Controller with an external time source in Windows.


This will open up the Remote Desktop Users Properties window. Navigate to the Members tab and click on Add to add users.


Enter the user’s name and click on Check names as shown below.


As you can see, the object is presented in AD. Click on Ok to close the Remote Desktop Users Properties window. You will have to click on OK again.


This is how you can add users to the Remote Desktop Group on a DC. You may also have to “Allow Log on through Remote Desktop Services” on a DC if not enabled already.

If you do not have a real need to connect to your DC via RDP. Please use the Remote Server Administration Tools. See these guides on how to install RSAT on Windows Server. And how to install RSAT on Windows 10 via Windows features.

I hope you found this blog post helpful on how to fix this computer is a domain controller: The snap-in cannot be used on a domain controller. If you have any questions, please let me know in the comment session

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x