So I've read that it's best practice to filter DirectAccess GPO Affects to a single Security group instead of the "All Commputers" Group in AD. So I've done this. I created a group called 'DirectAccess' and set that as the target. When I attempt to generate the GPO in the DirectAccess Wizard, I recieve this error:
"Security Group MyDomain\DirectAccess cannot be found"
"The Operation Failed. All of the Specified Security Groups are invalid."
So it looks like the group is invisible to my Server? The only thing I can think of is my AD Structure is sitting on some 2008 R2 boxes and this server is 2012 R2 box. Is there a requirement for AD to be at 2012 Operational Level for DirectAccess to work in 2012 server R2?
--Aaron