Assigning remote server's logon server to variable

Hi Folks!

I created a quick-and-dirty little script that creates an AD group, adds a user to it and also publishes an RDP XenApp application within Citrix to the relevant user via the newly-created AD group.

I was quite pleased with myself when I pulled this little beauty off because we’ve got hundreds of the bleeders and now all I have to do is enter the user’s SamAccountName and the name of the Windows 7 machine and the script does the rest.

However, I’ve hit a wee snag whereby the Citrix server won’t recognise the AD group created earlier on in the script if it has a different logon server to my local machine where I run the script from.

What I would like to do is have my script write the new AD group to the same domain controller that the XenApp Data Collector authenticates against. (Obviously I don’t want to wait for replication).

What I guess I’m looking for is for the script to perform a “$env:LOGONSERVER” against a remote machine (i.e. the XenApp Data Collector) and then assign that to a variable. Is that possible?



If PowerShell remoting is enabled on the remote machine, that should be as easy as this:

$remoteLogonServer = Invoke-Command -ComputerName $remoteComputerName { $env:LOGONSERVER }

Thanks Dave,

I did try that to start with, but when I ran that line by itself, within the CLI, it didn’t return anything. Should it?



Seems to work for me. This is connecting to a VM that I have running locally, though I do not have an AD environment (so the LOGONSERVER variable refers to the machine itself):

C:\Users\dlwya_000\Documents\GitHub> Invoke-Command -Session $session { $env:LOGONSERVER }

I used -Session instead of -ComputerName in this case (because I needed to set some session options to enable HTTPS connection with a self-signed certificate), but in an AD environment with Kerberos authentication enabled, I wouldn’t have needed to do that.

Nope, still can’t get it to work. If I RDP directly to the server and run just $env:LOGONSERVER, it works. However, if I try the Invoke-Command method or even using Enter-PSSession on to the server, it doesn’t return anything. Strange…

Might have something to do with the authentication type. Maybe Kerberos auth isn’t setting that environment variable for some reason. (In my test, I was using NTLM authentication in a workgroup environment.)

When you remote into a machine in a domain environment, you’re not “logging on,” so I wouldn’t necessary expect that variable to be set. Dave, your operation is different because you are in fact authenticating at the remote machine.

That env variable is set per-user, so if you’re not IN a user session (Remoting doesn’t spin one up), you wouldn’t have it.

Replication shouldn’t be taking that long. If it is, you should fix that.