Assigning remote server's logon server to variable

This topic contains 6 replies, has 3 voices, and was last updated by Don Jones 2 years, 11 months ago.

  • #20956

    thickgit
    Participant

    Hi Folks!

    I created a quick-and-dirty little script that creates an AD group, adds a user to it and also publishes an RDP XenApp application within Citrix to the relevant user via the newly-created AD group.

    I was quite pleased with myself when I pulled this little beauty off because we've got hundreds of the bleeders and now all I have to do is enter the user's SamAccountName and the name of the Windows 7 machine and the script does the rest.

    However, I've hit a wee snag whereby the Citrix server won't recognise the AD group created earlier on in the script if it has a different logon server to my local machine where I run the script from.

    What I would like to do is have my script write the new AD group to the same domain controller that the XenApp Data Collector authenticates against. (Obviously I don't want to wait for replication).

    What I guess I'm looking for is for the script to perform a "$env:LOGONSERVER" against a remote machine (i.e. the XenApp Data Collector) and then assign that to a variable. Is that possible?

    Cheers.

    TG

  • #20957

    Dave Wyatt
    Moderator

    If PowerShell remoting is enabled on the remote machine, that should be as easy as this:

    $remoteLogonServer = Invoke-Command -ComputerName $remoteComputerName { $env:LOGONSERVER }
    
  • #20958

    thickgit
    Participant

    Thanks Dave,

    I did try that to start with, but when I ran that line by itself, within the CLI, it didn't return anything. Should it?

    Cheers.

    TG

  • #20961

    Dave Wyatt
    Moderator

    Seems to work for me. This is connecting to a VM that I have running locally, though I do not have an AD environment (so the LOGONSERVER variable refers to the machine itself):

    C:\Users\dlwya_000\Documents\GitHub> Invoke-Command -Session $session { $env:LOGONSERVER }
    \\WIN-M1MESETRBEA
    

    I used -Session instead of -ComputerName in this case (because I needed to set some session options to enable HTTPS connection with a self-signed certificate), but in an AD environment with Kerberos authentication enabled, I wouldn't have needed to do that.

  • #20962

    thickgit
    Participant

    Nope, still can't get it to work. If I RDP directly to the server and run just $env:LOGONSERVER, it works. However, if I try the Invoke-Command method or even using Enter-PSSession on to the server, it doesn't return anything. Strange....

  • #20963

    Dave Wyatt
    Moderator

    Might have something to do with the authentication type. Maybe Kerberos auth isn't setting that environment variable for some reason. (In my test, I was using NTLM authentication in a workgroup environment.)

  • #20964

    Don Jones
    Keymaster

    When you remote into a machine in a domain environment, you're not "logging on," so I wouldn't necessarily expect that variable to be set. Dave, your operation is different because you are in fact authenticating at the remote machine.

    That env variable is set per-user, so if you're not IN a user session (Remoting doesn't spin one up), you wouldn't have it.

    Replication shouldn't be taking *that* long. If it is, you should fix that.
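
An added example, not part of the original thread or any poster's code: since `$env:LOGONSERVER` can come back empty over remoting, this sketch asks the remote machine's DC locator (`nltest /dsgetdc`) which domain controller it has found, and pins the AD writes to that server with `-Server`. It assumes PowerShell 3.0 or later on both ends, the ActiveDirectory module on the local machine, and that the located DC is the one the remote server resolves the group against; `$CollectorName`, `$GroupName` and `$SamAccountName` are placeholders.

```powershell
# Added example. $CollectorName, $GroupName and $SamAccountName are placeholders.
function Get-RemoteDomainController {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # Primary domain of the remote machine (not of the calling user).
        $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain

        # nltest asks the machine's DC locator; one output line looks like
        #   "           DC: \\DC01.contoso.com"
        $dcLine = nltest.exe "/dsgetdc:$domain" 2>$null |
            Where-Object { $_ -match '^\s*DC:\s*\\\\\S+' } |
            Select-Object -First 1

        $dc = $null
        if ($dcLine -match '^\s*DC:\s*\\\\(\S+)') { $dc = $Matches[1] }

        [pscustomobject]@{
            LogonServer      = $env:LOGONSERVER   # often empty over remoting
            Domain           = $domain
            DomainController = $dc
        }
    }
}

Import-Module ActiveDirectory

$info = Get-RemoteDomainController -ComputerName $CollectorName

# Fail closed: without a named DC the group would be written to whichever
# DC the local machine picks, which is the original problem.
if (-not $info.DomainController) {
    throw "No domain controller could be located from $CollectorName."
}

# Write the group and its membership to the DC the remote machine located,
# so the change is visible there without waiting for replication.
New-ADGroup -Name $GroupName -GroupScope Global -Server $info.DomainController
Add-ADGroupMember -Identity $GroupName -Members $SamAccountName -Server $info.DomainController
```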
