Share via

RemoteApp User Assignment not filtering for members of trusted domain

Ruslan Nalivaika 121 Reputation points
2020-12-04T16:30:45.42+00:00

Hi all, I am troubleshooting a relatively new RDS setup and need to assign different resource collections to different user groups in trusted domains. I have one gateway, one connection broker and several session hosts in the resource domain. The problem is that all RDS users from trusted domains for some reason see all collections and apps in RDWeb user portal, completely disregarding the user/group assignments on collections and apps. Althouth, filtering works fine for members of the resource domain.
Any ideas? Regards, Ruslan

Windows for business | Windows Client for IT Pros | User experience | Remote desktop services and terminal services
Windows for business | Windows Server | User experience | Other
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anjali Sharma (CONVERGYS CORPORATION) 0 Reputation points Microsoft External Staff
    2026-02-26T08:59:20.73+00:00

    @Ruslan Nalivaika Please help me by sharing how you resolved the issue mentioned above, as we are facing the same scenario.
    Users from the account forest, who are added to a domain local security group in the resource forest within Active Directory, are able to see all Remote Desktop Services (RDS) applications instead of only the applications explicitly assigned to them.

    This is a newly configured setup, and the cx expected behavior has never functioned as intended for users from the resource forest. However, the same configuration works as expected for users from the local domain forest.

    0 comments
  2. Ruslan Nalivaika 121 Reputation points
    2020-12-07T09:15:25.747+00:00

    Is there any log that I can use to troubleshoot user assignment filtering ?

  3. Ruslan Nalivaika 121 Reputation points
    2020-12-07T08:30:08.08+00:00

    Hi Karlie, yes different customers/users are members of different AD groups used on collections...

    0 comments
  4. Anonymous
    2020-12-07T05:52:13.59+00:00

    Hello Ruslan @Ruslan Nalivaika

    Please make sure you have added groups in Active Directory Users and Computers .

    For example, you have Group A and B, each group has their own users.
    Please add Group A and B as member of built-in group named Remote Desktop Users:
    Active Directory Users and Computers – your domain name – Builtin - Remote Desktop Users – Properties – Members – Add, manually add Group A and B.

    On your RD CB, open Server Manager – Remote Desktop Services – Collections:
    Click to select one of your collection, for example Collection 1 – PROPERTIES – TASKS – Edit properties – User Group – manually add Group A, and remove domain user group. Make sure there is only group A added.

    Save the change and check the result. Same operation for your collection 2 and group B.

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards
    Karlie

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.