How to Set Up Remote Desktop Services Collections on Windows Server 2019
Remote Desktop Services Collections are logical groupings of RD Session Host servers in Windows Server 2019 that publish a common set of resources — either full session desktops or RemoteApp programs — to a defined group of users. Collections are managed centrally through the RD Connection Broker and allow you to segment different user populations, applications, and resource allocations. A single RDS deployment can contain multiple collections, each tailored for different departments, security requirements, or application sets.
Types of Session Collections
Windows Server 2019 RDS supports two types of collections. A session collection based on RD Session Host servers provides shared desktop sessions or published applications. In a session collection, multiple users share the same physical or virtual server, each in an isolated session. A virtual desktop collection is based on Hyper-V VMs where each user connects to a personal VM. Session collections are the more common choice for application delivery, while virtual desktop collections are used when users need a persistent, personalised desktop environment.
Prerequisites for Creating Collections
Before creating collections, the following must be in place. An RDS deployment must exist with at least one Connection Broker. All RD Session Host servers that will be added to a collection must be domain-joined and have the RDS-RD-Server role installed. RD Licensing must be configured with valid CALs. A file share accessible by all RDSH servers should be prepared for User Profile Disks if UPDs will be used.
# Verify the Connection Broker deployment exists
Get-RDServer -ConnectionBroker "rdcb01.corp.local"
# Check that RDS-RD-Server is installed on target hosts
Invoke-Command -ComputerName rdsh01.corp.local, rdsh02.corp.local -ScriptBlock {
Get-WindowsFeature -Name RDS-RD-Server | Select-Object Name, InstallState
}Creating a New Session Collection
Use the New-RDSessionCollection cmdlet to create a collection and add RD Session Host servers to it. The collection name is used throughout the RDS infrastructure and appears in management consoles and PowerShell cmdlets.
# Create a standard desktop collection with two RDSH servers
New-RDSessionCollection `
-CollectionName "KnowledgeWorkers" `
-SessionHost @("rdsh01.corp.local", "rdsh02.corp.local") `
-ConnectionBroker "rdcb01.corp.local" `
-CollectionDescription "Standard desktop collection for general office users"
# Create a specialised collection for one department
New-RDSessionCollection `
-CollectionName "FinanceApps" `
-SessionHost "rdsh03.corp.local" `
-ConnectionBroker "rdcb01.corp.local" `
-CollectionDescription "Finance department application server"Configuring Collection Properties
After creating a collection, configure session time limits, security settings, user group access, and User Profile Disks using Set-RDSessionCollectionConfiguration.
Set-RDSessionCollectionConfiguration `
-CollectionName "KnowledgeWorkers" `
-ConnectionBroker "rdcb01.corp.local" `
-UserGroup @("CORPRD Users", "CORPContractors") `
-IdleSessionLimitMin 30 `
-DisconnectedSessionLimitMin 120 `
-ActiveSessionLimitMin 0 `
-EnableUserProfileDisk $true `
-MaxUserProfileDiskSizeGB 15 `
-DiskPath "\fileserverRDSProfilesKnowledgeWorkers" `
-AuthenticateUsingNLA $true `
-EncryptionLevel High `
-SecurityLayer SSLAdding and Removing Session Hosts
Scale the collection by adding more RDSH servers as user demand grows, or remove servers for maintenance.
# Add a new RDSH server to an existing collection
Add-RDSessionHost `
-CollectionName "KnowledgeWorkers" `
-SessionHost "rdsh04.corp.local" `
-ConnectionBroker "rdcb01.corp.local"
# Remove an RDSH server from a collection (first stop new connections)
Set-RDSessionHost `
-SessionHost "rdsh02.corp.local" `
-ConnectionBroker "rdcb01.corp.local" `
-NewConnectionAllowed No
# After sessions drain, remove from collection
Remove-RDSessionHost `
-SessionHost "rdsh02.corp.local" `
-ConnectionBroker "rdcb01.corp.local" `
-ForceConfiguring User Group Access per Collection
Each collection can restrict access to specific Active Directory security groups. Only users in the specified groups will see the collection’s resources on the RD Web Access portal and be permitted to connect.
# Restrict the Finance collection to the Finance department group only
Set-RDSessionCollectionConfiguration `
-CollectionName "FinanceApps" `
-ConnectionBroker "rdcb01.corp.local" `
-UserGroup @("CORPFinance Department", "CORPFinance Managers")
# Verify user group settings
Get-RDSessionCollectionConfiguration `
-CollectionName "FinanceApps" `
-ConnectionBroker "rdcb01.corp.local" |
Select-Object CollectionName, UserGroupManaging User Profile Disks
User Profile Disks (UPDs) store user profiles in VHDX files on a network share. When a user connects to any RDSH server in the collection, the UPD is mounted and the user gets a consistent profile. Each user gets their own VHDX file named UVHD-{user-SID}.vhdx in the UPD share.
# Create the UPD share on the file server
New-Item -ItemType Directory -Path "E:RDSProfilesKnowledgeWorkers"
New-SmbShare -Name "KW_UPDs" -Path "E:RDSProfilesKnowledgeWorkers" -FullAccess "CORPDomain Admins" -ChangeAccess "CORPAuthenticated Users"
# Configure NTFS permissions on the UPD folder
icacls "E:RDSProfilesKnowledgeWorkers" /grant "CORPDomain Users:(OI)(CI)M" /grant "CORPDomain Admins:(OI)(CI)F"
# Check UPD disk usage
$UPDPath = "\fileserverKW_UPDs"
Get-ChildItem -Path $UPDPath -Filter "*.vhdx" |
Select-Object Name, @{Name="SizeMB"; Expression={ [math]::Round($_.Length / 1MB, 2) }} |
Sort-Object SizeMB -DescendingViewing and Reporting Collection Status
Monitor collection health by checking session counts, server availability, and load distribution.
# Get all collections in the deployment
Get-RDSessionCollection -ConnectionBroker "rdcb01.corp.local" |
Select-Object CollectionName, CollectionDescription, Size
# Get session count per collection
Get-RDSessionCollection -ConnectionBroker "rdcb01.corp.local" | ForEach-Object {
$Sessions = (Get-RDUserSession -ConnectionBroker "rdcb01.corp.local" |
Where-Object { $_.CollectionName -eq $_.CollectionName }).Count
[PSCustomObject]@{
Collection = $_.CollectionName
Sessions = $Sessions
}
}
# Get detailed collection configuration
Get-RDSessionCollectionConfiguration -CollectionName "KnowledgeWorkers" -ConnectionBroker "rdcb01.corp.local"Setting Session Collection Security
Configure encryption and network-level authentication to secure sessions within the collection. These settings override the individual RDSH server settings for all servers within the collection.
# Apply security settings across the collection
Set-RDSessionCollectionConfiguration `
-CollectionName "KnowledgeWorkers" `
-ConnectionBroker "rdcb01.corp.local" `
-AuthenticateUsingNLA $true `
-SecurityLayer SSL `
-EncryptionLevel High
# Enable Smart Card authentication for a collection
Set-RDSessionCollectionConfiguration `
-CollectionName "SecureAdminDesktop" `
-ConnectionBroker "rdcb01.corp.local" `
-SmartCardLogonRequired $trueAutomating Collection Deployment
For repeatable RDS environment deployments, use a PowerShell script that creates the complete collection configuration in one pass.
param(
[string]$CollectionName,
[string[]]$SessionHosts,
[string]$UserGroup,
[string]$UPDShare,
[string]$CBroker = "rdcb01.corp.local"
)
Write-Host "Creating collection: $CollectionName"
New-RDSessionCollection -CollectionName $CollectionName -SessionHost $SessionHosts `
-ConnectionBroker $CBroker
Write-Host "Configuring collection settings..."
Set-RDSessionCollectionConfiguration `
-CollectionName $CollectionName `
-ConnectionBroker $CBroker `
-UserGroup @($UserGroup) `
-IdleSessionLimitMin 30 `
-DisconnectedSessionLimitMin 60 `
-EnableUserProfileDisk $true `
-MaxUserProfileDiskSizeGB 10 `
-DiskPath $UPDShare `
-AuthenticateUsingNLA $true `
-SecurityLayer SSL `
-EncryptionLevel High
Write-Host "Collection $CollectionName created and configured successfully."Conclusion
RDS Collections in Windows Server 2019 provide the organisational framework for delivering desktop sessions and applications at scale. By grouping RDSH servers into named collections with specific user group permissions, session policies, and UPD configurations, administrators can serve multiple departments or application sets from a single RDS deployment. The PowerShell RDS module provides complete automation for collection lifecycle management from initial creation through scaling, configuration changes, and eventual decommission.
