Look in domain security policy then.
There is one in there somewhere. I had this problem a few years back on Win2K. It's always a problem with permissions and such.
There are several permissions... you need to add them to the actual RDP connection in Terminal Services Manager as well as to the domain/domain controller security policy.
By default, regular user accounts cannot log on interactively to a domain controller, only domain admins.
Keep rooting around, it's a policy in there somewhere.
Desktop machine: 2 x Opteron 246, Asus K8N-DL, 2GB PC3200 ECC Reg., XFX GeForce 6600GT, 74gb WD Raptor, 2 x 19" LCDs, Windows XP x64
Server machine: Intel P4 3.0GHz 2MB EM64T, ECS i865pe, 1GB PC3200, 36gb WD Raptor, Windows Server 2003
Laptop: Dell Inspiron 9100 (Intel P4 3.2GHz 1MB Prescott, i865pe, 512MB PC3200, Mobility Radeon 9700, DVD+R/DL Burner), Windows XP
Linux: P3 450Mhz, 386MB ram, Slackware 10.1 (Running mySQL/Apache)