Assigning remote server's logon server to variable

thickgit · December 5, 2014, 2:54am

Hi Folks!

I created a quick-and-dirty little script that creates an AD group, adds a user to it and also publishes an RDP XenApp application within Citrix to the relevant user via the newly-created AD group.

I was quite pleased with myself when I pulled this little beauty off because we’ve got hundreds of the bleeders and now all I have to do is enter the user’s SamAccountName and the name of the Windows 7 machine and the script does the rest.

However, I’ve hit a wee snag whereby the Citrix server won’t recognise the AD group created earlier on in the script if it has a different logon server to my local machine where I run the script from.

What I would like to do is have my script write the new AD group to the same domain controller that the XenApp Data Collector authenticates against. (Obviously I don’t want to wait for replication).

What I guess I’m looking for is for the script to perform a “$env:LOGONSERVER” against a remote machine (i.e. the XenApp Data Collector) and then assign that to a variable. Is that possible?

Cheers.

TG

system · December 5, 2014, 3:02am

If PowerShell remoting is enabled on the remote machine, that should be as easy as this:

$remoteLogonServer = Invoke-Command -ComputerName $remoteComputerName { $env:LOGONSERVER }

thickgit · December 5, 2014, 3:14am

Thanks Dave,

I did try that to start with, but when I ran that line by itself, within the CLI, it didn’t return anything. Should it?

Cheers.

TG

system · December 5, 2014, 3:27am

Seems to work for me. This is connecting to a VM that I have running locally, though I do not have an AD environment (so the LOGONSERVER variable refers to the machine itself):

C:\Users\dlwya_000\Documents\GitHub> Invoke-Command -Session $session { $env:LOGONSERVER }
\\WIN-M1MESETRBEA

I used -Session instead of -ComputerName in this case (because I needed to set some session options to enable HTTPS connection with a self-signed certificate), but in an AD environment with Kerberos authentication enabled, I wouldn’t have needed to do that.

thickgit · December 5, 2014, 3:42am

Nope, still can’t get it to work. If I RDP directly to the server and run just $env:LOGONSERVER, it works. However, if I try the Invoke-Command method or even using Enter-PSSession on to the server, it doesn’t return anything. Strange…

system · December 5, 2014, 3:43am

Might have something to do with the authentication type. Maybe Kerberos auth isn’t setting that environment variable for some reason. (In my test, I was using NTLM authentication in a workgroup environment.)

donj · December 5, 2014, 3:45am

When you remote into a machine in a domain environment, you’re not “logging on,” so I wouldn’t necessary expect that variable to be set. Dave, your operation is different because you are in fact authenticating at the remote machine.

That env variable is set per-user, so if you’re not IN a user session (Remoting doesn’t spin one up), you wouldn’t have it.

Replication shouldn’t be taking that long. If it is, you should fix that.