Windows – Creating virtual desktop on Windows Server 2012

hyper-v vdi windows

I've been trying to make this work for like 2 days and still no luck from Google and searching…

I have a Windows 7 VM in Hyper-V ready and generalized to use as my collection template. When I'm following the wizard for creating a virtual desktop collection, at some point I get to choose my organizational unit (OU). Since I'm going with defaults I have none, so it shows "-" and I choose it, then follow the wizard till the end, but the installation progress fails every time with the following error:

Failed: RD Connection Broker could not create the computer account object in Active Directory Domain Services (AD DS). Ensure that the RD Connection Broker computer account has permissions to create computer accounts in the organizational unit (OU), the RD Connection Broker server can contact AD DS, and a duplicate computer account object does not exist in a different OU.

I couldn't find a way to give these permissions to RDCB… Any advice?

Best Answer

Check that the connection broker can actually contact the DC. It needs the same ports for AD as everything else and access to a non-RODC.

The permission your server account needs is simple. In the delegation dialogue for your domain, create a custom delegation. The permission you need for it is create computer objects; look under computer objects and select the grant checkbox for create. You can delegate it for your whole domain, or just the OU containing your RDP pool.

Although you don't currently have any OUs, you really ought to create a new one for tasks like this. That way, if you want to apply a GPO to your RDP boxes (to force RDP authentication, rename local admin, etc.), they are all in one place and isolated from other computers (like your servers and workstations).

Make sure your naming convention is appropriate and not creating duplicates, like the error says, as well. Duplicates can be created when you attempt to reuse old names as well, if the computer accounts have not been deleted, though I don't ever recall this being a real practical problem.
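The steps in the answer above can also be scripted. The following is an added example, not part of the original answer: it confirms a writable DC is reachable, creates a dedicated OU, delegates only "create computer objects" on that OU to the broker's computer account, and lists computer accounts elsewhere in the domain that could collide with the pool's names. The OU name `VDI-Pool`, the broker host name `RDCB01` and the name prefix `VDI-` are placeholders; it assumes the ActiveDirectory module (RSAT) and `dsacls` are available and that it is run as a domain admin.

```powershell
# Added example; every name below is a placeholder (assumption), not from the post.
Import-Module ActiveDirectory

$OuName     = 'VDI-Pool'   # hypothetical OU that will hold the pooled desktops
$BrokerName = 'RDCB01'     # hypothetical RD Connection Broker host name
$NamePrefix = 'VDI-'       # hypothetical prefix chosen in the collection wizard

# 1. The broker needs a writable (non-RODC) domain controller.
#    Run this part on the broker itself to test what the broker can reach.
$dc     = Get-ADDomainController -Discover -Writable -ErrorAction Stop
$server = @($dc.HostName)[0]
$domain = Get-ADDomain -Server $server
$ouDn   = "OU=$OuName,$($domain.DistinguishedName)"

# 2. Create the dedicated OU if it does not exist yet.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
    -SearchBase $domain.DistinguishedName -SearchScope OneLevel -Server $server
if (-not $existing) {
    New-ADOrganizationalUnit -Name $OuName -Path $domain.DistinguishedName -Server $server
}

# 3. Delegate "Create Computer objects" (CC;computer) on that OU only,
#    to the broker's computer account (note the trailing $).
$trustee = "$($domain.NetBIOSName)\$BrokerName`$"
dsacls "\\$server\$ouDn" /I:T /G "${trustee}:CC;computer" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# 4. Show the resulting ACL entries for the broker so the grant can be reviewed.
dsacls "\\$server\$ouDn" | Select-String -SimpleMatch $trustee

# 5. List computer accounts with the pool's prefix that live outside the OU;
#    these are the duplicates the error message warns about.
Get-ADComputer -Filter "Name -like '$NamePrefix*'" -Server $server |
    Where-Object { $_.DistinguishedName -notlike "*,$ouDn" } |
    Select-Object Name, DistinguishedName
```

Scoping the grant to the OU rather than the domain root keeps the broker's account from being able to create computer objects anywhere else in the directory.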