Windows Server

This computer is a domain controller: The snap-in cannot be used on a domain controller, domain accounts are managed by ADUC snap-in


Remote Desktop Protocol or just RDP is a special network protocol that allows a user to establish a connection between two computers and access the Desktop of a remote host. For every connection made to a remote PC, the RDP client in Windows (mstsc.exe) saves the computer name or an IP Address and also the username used to log on. See the following guide on how to remove saved RDP credentials in Windows 10. For other topics on RDP, see the following hyperlinks: How to allow saved credentials for RDP connection, how to remove saved RDP credentials entries in Windows 10, How to prevent the saving of Remote Desktop Credentials in Windows, Remote Desktop can not find the computer FQDN and this might mean that FQDN does not belong to the specified network, and how to disconnect a Remote Desktop User.

While creating this guide, I had to simulate this error by launching the Computer Management console. This can also be done via the following shortcut.
- Press Winkey + R to open Run (or just search for it from the search window).
- Type in lusrmgr.msc and press Enter. This is how you can reproduce this error on a Domain Controller.

Below are some related guides: How to add a second Domain Controller to your environment, how to Setup a Domain Controller and how to synchronize your Domain Controller with an external time source in Windows.

In an Active Directory environment, you can also use local users and groups available via the Computer Management (MMC console) to enable remote Desktop Connection. The Domain Controller uses the built-in domain group Remote Desktop Users (located in the Builtin container). You can manage this group from the ADUC console or from the command prompt to manage your Domain Controller. See this guide for this error “The connection was denied because the user is not authorized for remote Login“, and how to enable Remote Desktop Connection on Windows 11 for non-administrators or selected users.

To manage remote users on a DC, launch the Server Manager
– Click on Tools,
– And then on Active Directory Users and Computers


This will open the Active Directory Users and Computers snap-in. Double click on the Remote Desktop users as shown below.


This will open up the Remote Desktop Users Properties window. Navigate to the Members tab and click on Add to add users.


Enter the user’s name and click on Check names as shown below.


As you can see, the object is presented in AD. Click on Ok to close the Remote Desktop Users Properties window. You will have to click on OK again.


This is how you can add users to the Remote Desktop Group on a DC. You may also have to “Allow Log on through Remote Desktop Services” on a DC if not enabled already. If you do not have a real need to connect to your DC via RDP, please use the Remote Server Administration Tools. See these guides on how install RSAT on Windows Server, and how to install RSAT on Windows 10 via Windows features.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x