Assigning remote server's logon server to variable

This topic contains 6 replies, has 3 voices, and was last updated by Profile photo of Don Jones Don Jones 2 years ago.

  • Author
    Posts
  • #20956
    Profile photo of thickgit
    thickgit
    Participant

    Hi Folks!

    I created a quick-and-dirty little script that creates an AD group, adds a user to it and also publishes an RDP XenApp application within Citrix to the relevant user via the newly-created AD group.

    I was quite pleased with myself when I pulled this little beauty off because we've got hundreds of the bleeders and now all I have to do is enter the user's SamAccountName and the name of the Windows 7 machine and the script does the rest.

    However, I've hit a wee snag whereby the Citrix server won't recognise the AD group created earlier on in the script if it has a different logon server to my local machine where I run the script from.

    What I would like to do is have my script write the new AD group to the same domain controller that the XenApp Data Collector authenticates against. (Obviously I don't want to wait for replication).

    What I guess I'm looking for is for the script to perform a "$env:LOGONSERVER" against a remote machine (i.e. the XenApp Data Collector) and then assign that to a variable. Is that possible?

    Cheers.

    TG

  • #20957
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    If PowerShell remoting is enabled on the remote machine, that should be as easy as this:

    $remoteLogonServer = Invoke-Command -ComputerName $remoteComputerName { $env:LOGONSERVER }
    
  • #20958
    Profile photo of thickgit
    thickgit
    Participant

    Thanks Dave,

    I did try that to start with, but when I ran that line by itself, within the CLI, it didn't return anything. Should it?

    Cheers.

    TG

  • #20961
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Seems to work for me. This is connecting to a VM that I have running locally, though I do not have an AD environment (so the LOGONSERVER variable refers to the machine itself):

    C:\Users\dlwya_000\Documents\GitHub> Invoke-Command -Session $session { $env:LOGONSERVER }
    \\WIN-M1MESETRBEA
    

    I used -Session instead of -ComputerName in this case (because I needed to set some session options to enable HTTPS connection with a self-signed certificate), but in an AD environment with Kerberos authentication enabled, I wouldn't have needed to do that.

  • #20962
    Profile photo of thickgit
    thickgit
    Participant

    Nope, still can't get it to work. If I RDP directly to the server and run just[i] $env:LOGONSERVER[/i], it works. However, if I try the [i]Invoke-Command[/i] method or even using [i]Enter-PSSession[/i] on to the server, it doesn't return anything. Strange....

  • #20963
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Might have something to do with the authentication type. Maybe Kerberos auth isn't setting that environment variable for some reason. (In my test, I was using NTLM authentication in a workgroup environment.)

  • #20964
    Profile photo of Don Jones
    Don Jones
    Keymaster

    When you remote into a machine in a domain environment, you're not "logging on," so I wouldn't necessary expect that variable to be set. Dave, your operation is different because you are in fact authenticating at the remote machine.

    That env variable is set per-user, so if you're not IN a user session (Remoting doesn't spin one up), you wouldn't have it.

    Replication shouldn't be taking *that* long. If it is, you should fix that.

You must be logged in to reply to this topic.