
Find-CitrixUser.ps1 (Citrix Top 10)

This is another script that I use quite often. It is a simple script that queries all the sessions in the farm and returns the ones where the UserName matches. I made the User parameter a RegEx search so you can match multiple users with one call.

Name: Find-CitrixUser.ps1
Purpose: Finds where the user(s) are and outputs session info

```powershell
# Find-CitrixUser.ps1
# Brandon Shell [MVP]
# www.bsonposh.com
# Finds where the user(s) are and outputs session info
Param($user=".*",[switch]$help)
function HelpMe{
    Write-Host
    Write-Host " Find-CitrixUser.ps1:" -fore Green
    Write-Host "   Finds where the user(s) are and outputs session info"
    Write-Host
    Write-Host " Parameters:" -fore Green
    Write-Host "   -User                  : Optional. Name of the User or RegEx (Default is all users)"
    Write-Host "   -Help                  : Optional. Displays This"
    Write-Host
    Write-Host " Examples:" -fore Green
    Write-Host "   Finds User TestMe and returns ServerName,ClientAddress, and SessionID" -fore White
    Write-Host "     .\Find-CitrixUser.ps1 TestMe | ft ServerName,ClientAddress,SessionID " -fore Yellow
    Write-Host
    Write-Host "   Finds all Users who start with 'Sales' and returns UserName,ServerName, and SessionID"  -fore White
    Write-Host "     .\Find-CitrixUser.ps1 `"^sales`" | ft UserName,ServerName,SessionID " -fore Yellow
    Write-Host
    Write-Host "   To View All properties available." -fore White
    Write-Host "     .\Find-CitrixUser.ps1 <username> | Get-Member" -fore Yellow
    Write-Host
}

# Show the help and exit if -Help was given
if($help){HelpMe;Write-Host;return}

# Get the farm object (MFCOM) and initialize it against the local farm
$farm = New-Object -com "MetaframeCOM.MetaFrameFarm"
$farm.Initialize(1)

# Get the Sessions and return the ones whose UserName matches the RegEx
$farm.Sessions | ?{$_.UserName -match $user}
```

More userAccountControl Flag Fun (Convert-ToUACFlag.ps1)

A question on the NG made me think about this. While I personally prefer the decimal value that comes back from userAccountControl, others may prefer to actually see the FLAGS that are set.

Here is the script I came up with. It outputs an array by default, but -toString will output a "," delimited string instead.

It has a -help function, and -verbose output that explains each UAC Flag.

Convert-ToUACFlag.ps1

```powershell
# Convert-ToUACFlag.ps1
Param([int]$uac,[switch]$ToString,[switch]$help,[switch]$verbose)
function HelpMe{
    Write-Host
    Write-Host " Convert-ToUACFlag.ps1:" -fore Green
    Write-Host "   Converts UAC from Decimal or Hex to User Account Control Flags (described in verbose help)"
    Write-Host
    Write-Host " Parameters:" -fore Green
    Write-Host "   -UAC                   : Parameter User Account Control Value"
    Write-Host "   -toString              : [SWITCH]  Output to String instead of Array"
    Write-Host "   -Help                  : [SWITCH]  Displays This"
    Write-Host "   -Verbose               : [SWITCH]  Displays This and User Account Control Definitions"
    Write-Host
    Write-Host " Examples:" -fore Green
    Write-Host "   Convert to Flag getting back array" -fore White
    Write-Host "     .\Convert-ToUACFlag.ps1 69649" -fore Yellow
    Write-Host "   Convert to Flag getting back string" -fore White
    Write-Host "     .\Convert-ToUACFlag.ps1 69649 -toString" -fore Yellow
    Write-Host
    if($verbose)
    {
        Write-Host " User Account Control Flags and Definition" -fore Green
        Write-Host "  + SCRIPT" -fore Yellow
        Write-Host "    - The logon script will be run."
        Write-Host
        Write-Host "  + ACCOUNTDISABLE" -fore Yellow
        Write-Host "    - The user account is disabled."
        Write-Host
        Write-Host "  + HOMEDIR_REQUIRED" -fore Yellow
        Write-Host "    - The home folder is required."
        Write-Host
        Write-Host "  + PASSWD_NOTREQD" -fore Yellow
        Write-Host "    - No password is required."
        Write-Host
        Write-Host "  + PASSWD_CANT_CHANGE" -fore Yellow
        Write-Host "    - The user cannot change the password."
        Write-Host "    - This is a permission on the user's object."
        Write-Host
        Write-Host "  + ENCRYPTED_TEXT_PASSWORD_ALLOWED" -fore Yellow
        Write-Host "    - The user can send an encrypted password."
        Write-Host
        Write-Host "  + TEMP_DUPLICATE_ACCOUNT" -fore Yellow
        Write-Host "    - This is an account for users whose primary account is in another domain."
        Write-Host "    - This account provides user access to this domain,"
        Write-Host "      but not to any domain that trusts this domain."
        Write-Host "    - This is sometimes referred to as a local user account."
        Write-Host
        Write-Host "  + NORMAL_ACCOUNT" -fore Yellow
        Write-Host "    - This is a default account type that represents a typical user."
        Write-Host
        Write-Host "  + INTERDOMAIN_TRUST_ACCOUNT" -fore Yellow
        Write-Host "    - This is a permit to trust an account for a system domain that trusts other domains."
        Write-Host
        Write-Host "  + WORKSTATION_TRUST_ACCOUNT" -fore Yellow
        Write-Host "    - This is a computer account for a computer that is running"
        Write-Host "      Microsoft Windows NT 4.0 and above and is a member of this domain."
        Write-Host
        Write-Host "  + SERVER_TRUST_ACCOUNT" -fore Yellow
        Write-Host "    - This is a computer account for a domain controller that is a member of this domain."
        Write-Host
        Write-Host "  + DONT_EXPIRE_PASSWD" -fore Yellow
        Write-Host "    - Represents the password, which should never expire on the account."
        Write-Host
        Write-Host "  + MNS_LOGON_ACCOUNT" -fore Yellow
        Write-Host "    - This is an MNS logon account."
        Write-Host
        Write-Host "  + SMARTCARD_REQUIRED" -fore Yellow
        Write-Host "    - When this flag is set, it forces the user to log on by using a smart card."
        Write-Host
        Write-Host "  + TRUSTED_FOR_DELEGATION" -fore Yellow
        Write-Host "    - When this flag is set, the service account (the user or computer account)"
        Write-Host "      under which a service runs is trusted for Kerberos delegation."
        Write-Host "    - Any such service can impersonate a client requesting the service."
        Write-Host "    - To enable a service for Kerberos delegation, you must set this flag on the"
        Write-Host "      userAccountControl property of the service account."
        Write-Host
        Write-Host "  + NOT_DELEGATED" -fore Yellow
        Write-Host "    - When this flag is set, the security context of the user is not delegated to"
        Write-Host "      a service even if the service account is set as trusted for Kerberos delegation."
        Write-Host
        Write-Host "  + USE_DES_KEY_ONLY" -fore Yellow
        Write-Host "    - (Windows 2000/Windows Server 2003) Restrict this principal to use only"
        Write-Host "      Data Encryption Standard (DES) encryption types for keys."
        Write-Host
        Write-Host "  + DONT_REQUIRE_PREAUTH" -fore Yellow
        Write-Host "    - (Windows 2000/Windows Server 2003) This account does not require"
        Write-Host "      Kerberos pre-authentication for logging on."
        Write-Host
        Write-Host "  + PASSWORD_EXPIRED" -fore Yellow
        Write-Host "    - (Windows 2000/Windows Server 2003) The user's password has expired."
        Write-Host
        Write-Host "  + TRUSTED_TO_AUTH_FOR_DELEGATION" -fore Yellow
        Write-Host "    - (Windows 2000/Windows Server 2003) The account is enabled for delegation."
        Write-Host "    - This is a security-sensitive setting."
        Write-Host "    - Accounts with this option enabled should be tightly controlled."
        Write-Host "    - This setting allows a service that runs under the account to assume a client's"
        Write-Host "      identity and authenticate as that user to other remote servers on the network."
    }
    Write-Host
}

if(!$uac -or $help){HelpMe;Return}
$flags = @()
# Each case tests one bit of the value; every case that matches appends its flag name
switch ($uac)
{
    {$uac -band 0x0001}    {$flags += "SCRIPT"}
    {$uac -band 0x0002}    {$flags += "ACCOUNTDISABLE"}
    {$uac -band 0x0008}    {$flags += "HOMEDIR_REQUIRED"}
    {$uac -band 0x0010}    {$flags += "LOCKOUT"}
    {$uac -band 0x0020}    {$flags += "PASSWD_NOTREQD"}
    {$uac -band 0x0040}    {$flags += "PASSWD_CANT_CHANGE"}
    {$uac -band 0x0080}    {$flags += "ENCRYPTED_TEXT_PWD_ALLOWED"}
    {$uac -band 0x0100}    {$flags += "TEMP_DUPLICATE_ACCOUNT"}
    {$uac -band 0x0200}    {$flags += "NORMAL_ACCOUNT"}
    {$uac -band 0x0800}    {$flags += "INTERDOMAIN_TRUST_ACCOUNT"}
    {$uac -band 0x1000}    {$flags += "WORKSTATION_TRUST_ACCOUNT"}
    {$uac -band 0x2000}    {$flags += "SERVER_TRUST_ACCOUNT"}
    {$uac -band 0x10000}   {$flags += "DONT_EXPIRE_PASSWORD"}
    {$uac -band 0x20000}   {$flags += "MNS_LOGON_ACCOUNT"}
    {$uac -band 0x40000}   {$flags += "SMARTCARD_REQUIRED"}
    {$uac -band 0x80000}   {$flags += "TRUSTED_FOR_DELEGATION"}
    {$uac -band 0x100000}  {$flags += "NOT_DELEGATED"}
    {$uac -band 0x200000}  {$flags += "USE_DES_KEY_ONLY"}
    {$uac -band 0x400000}  {$flags += "DONT_REQ_PREAUTH"}
    {$uac -band 0x800000}  {$flags += "PASSWORD_EXPIRED"}
    {$uac -band 0x1000000} {$flags += "TRUSTED_TO_AUTH_FOR_DELEGATION"}
}
# -toString joins the names with "," ; otherwise the array is returned as-is
if($toString){$flags | %{if($mystring){$mystring += ",$_"}else{$mystring = $_}};$mystring}else{$flags}
```

Oisin, the "obsessive programmer", sent me this as another option:

```powershell
param([int]$value)
# Index N of this table is the name of bit N (2^N) of userAccountControl;
# empty strings mark bit positions that are not defined.
$flags = @("","ACCOUNTDISABLE","", "HOMEDIR_REQUIRED",
"LOCKOUT", "PASSWD_NOTREQD","PASSWD_CANT_CHANGE", "ENCRYPTED_TEXT_PWD_ALLOWED",
"TEMP_DUPLICATE_ACCOUNT", "NORMAL_ACCOUNT", "","INTERDOMAIN_TRUST_ACCOUNT", "WORKSTATION_TRUST_ACCOUNT",
"SERVER_TRUST_ACCOUNT", "", "", "DONT_EXPIRE_PASSWORD", "MNS_LOGON_ACCOUNT", "SMARTCARD_REQUIRED",
"TRUSTED_FOR_DELEGATION", "NOT_DELEGATED","USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH",
"PASSWORD_EXPIRED", "TRUSTED_TO_AUTH_FOR_DELEGATION")
# Walk the valid indexes (0..24), keep the bits that are set, and skip the unnamed positions
0..($flags.length - 1) | ? {($value -band [int][math]::Pow(2,$_)) -and $flags[$_]} | % { $flags[$_] }
```
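Both decoders above answer "which bits are set". As an added example (not from the original post or from Oisin's code), here is the same decode done with a bit-to-name table, including SCRIPT and LOCKOUT, and extended into a small audit that flags the bits the verbose help itself calls security-sensitive. The sample rows are constructed; a real run would feed in userAccountControl from a DirectorySearcher query.

```powershell
# Added example (not from the original post): decode userAccountControl with a
# bit-to-name table and flag the bits that weaken authentication or grant delegation.
$UACFlags = @{
    0x00000001 = 'SCRIPT';                    0x00000002 = 'ACCOUNTDISABLE'
    0x00000008 = 'HOMEDIR_REQUIRED';          0x00000010 = 'LOCKOUT'
    0x00000020 = 'PASSWD_NOTREQD';            0x00000040 = 'PASSWD_CANT_CHANGE'
    0x00000080 = 'ENCRYPTED_TEXT_PWD_ALLOWED'; 0x00000100 = 'TEMP_DUPLICATE_ACCOUNT'
    0x00000200 = 'NORMAL_ACCOUNT';            0x00000800 = 'INTERDOMAIN_TRUST_ACCOUNT'
    0x00001000 = 'WORKSTATION_TRUST_ACCOUNT'; 0x00002000 = 'SERVER_TRUST_ACCOUNT'
    0x00010000 = 'DONT_EXPIRE_PASSWORD';      0x00020000 = 'MNS_LOGON_ACCOUNT'
    0x00040000 = 'SMARTCARD_REQUIRED';        0x00080000 = 'TRUSTED_FOR_DELEGATION'
    0x00100000 = 'NOT_DELEGATED';             0x00200000 = 'USE_DES_KEY_ONLY'
    0x00400000 = 'DONT_REQ_PREAUTH';          0x00800000 = 'PASSWORD_EXPIRED'
    0x01000000 = 'TRUSTED_TO_AUTH_FOR_DELEGATION'
}
# Worth a review on any account: no password, no Kerberos pre-auth, DES-only keys, any delegation
$RiskyFlags = @('PASSWD_NOTREQD','DONT_REQ_PREAUTH','USE_DES_KEY_ONLY','ENCRYPTED_TEXT_PWD_ALLOWED',
                'TRUSTED_FOR_DELEGATION','TRUSTED_TO_AUTH_FOR_DELEGATION')

function ConvertTo-UACFlag {
    param([int]$Uac)
    # Keys sorted so the names come out in bit order; -band tests one bit at a time
    $UACFlags.Keys | Sort-Object | Where-Object { $Uac -band $_ } | ForEach-Object { $UACFlags[$_] }
}

function Test-UACRisk {
    param([string]$Name,[int]$Uac)
    $set   = @(ConvertTo-UACFlag $Uac)
    $risky = @($set | Where-Object { $RiskyFlags -contains $_ })
    New-Object PSObject -Property @{
        sAMAccountName = $Name
        UAC            = $Uac
        Flags          = ($set -join ',')
        RiskyFlags     = ($risky -join ',')
        NeedsReview    = ($risky.Count -gt 0)
    }
}

# Constructed sample rows; a real run feeds in userAccountControl from a DirectorySearcher query
$sample = @(
    @{ Name = 'jsmith';   Uac = 66048   }   # NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD
    @{ Name = 'svc-web';  Uac = 590336  }   # same two bits + TRUSTED_FOR_DELEGATION
    @{ Name = 'legacy01'; Uac = 4194848 }   # NORMAL_ACCOUNT + PASSWD_NOTREQD + DONT_REQ_PREAUTH
)
$sample | ForEach-Object { Test-UACRisk -Name $_.Name -Uac $_.Uac } |
    Where-Object { $_.NeedsReview } | Format-Table sAMAccountName,UAC,RiskyFlags -AutoSize
```

With the sample rows, jsmith is filtered out and svc-web and legacy01 are listed with the flags that earned them a review.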

Import-ADUser: All I can say is WoW! Posh 55 / VBScript 210

Wow.. Just another example of PowerShell proving it is the BIG DOG in the admin and scripting world!
55 lines vs. a 200+ line VBScript, and the output is PRETTY! :)
The CSV file should look like this, although only FullName/sAMAccountName/Mail are required:
FullName,sAMAccountName,Mail,Title,Description,Department,Manager,Groups
John Smith,jsmith,jsmith@lab.com,BossMan,IdaMaster,IT,me,"Tgroup1,Tgroup2,Tgroup3"

### Import-ADUsersFromCSV

```powershell
Param($ImportFile,$Password = "P@ssW0rd!",$domain,$OU)
# The default password is a lab placeholder; pass -Password on the command line for a real import.
function Get-UserDN{
    Param($usr,$dom)
    $root = [ADSI]"LDAP://$dom"
    # $usr goes into the filter unescaped, so CSV values must not contain ( ) * or \
    $filter = "(&(objectcategory=user)(sAMAccountName=$usr))"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root,$filter)
    $searcher.findone() | %{$_.properties.distinguishedname}
}
function Add-UsertoGroup{
    param($group,$UserDN,$dom)
    $root = [ADSI]"LDAP://$dom"
    $filter = "(&(objectcategory=group)(Name=$Group))"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root,$filter)
    $grp = ($searcher.findone()).GetDirectoryEntry()
    $grp.add("LDAP://$dom/$UserDN")
    $grp.SetInfo()
}
$Users = Import-Csv $ImportFile
foreach($user in $users)
{
    Write-Host "+ Creating User <$($User.FullName)>"
    # Checking for the required columns sAMAccountName/Mail/FullName
    if(!$user.sAMAccountName){Write-Host "  - User $($User.FullName) has no sAMAccountName";continue}
    if(!$user.mail){Write-Host "  - User $($User.FullName) has no mail";continue}
    if(!$user.fullname){Write-Host "  - User $($User.sAMAccountName) has no FullName";continue}
    # Resolve the Manager column (a sAMAccountName) to a DN; reset per user so it cannot carry over
    $manager = $null
    if($user.Manager)
    {
        $manager = Get-UserDN $user.Manager -dom $domain
        Write-Host "  - Manager DN $Manager"
    }
    # Creating Account in OU
    $UserOU = [ADSI]"LDAP://$domain/$OU"
    $userObj = $UserOU.Create("User","CN=$($User.FullName)")
    $userObj.put("givenName",($user.FullName).Split()[0])
    $userObj.put("sn",($user.FullName).Split()[1])
    Write-Host "  - Setting User NTLogin $($user.sAMAccountName)";$userObj.put("samAccountName",$user.sAMAccountName)
    Write-Host "  - Setting User Email $($user.mail)";$userObj.put("mail",$user.mail)
    if($user.Title)
    {Write-Host "  - Setting User Designation $($user.Title)";$userObj.put("Title",$user.Title)}
    if($user.Description)
    {Write-Host "  - Setting User Description $($user.Description)";$userObj.put("Description",$user.Description)}
    if($user.department)
    {Write-Host "  - Setting User Department $($user.department)";$userObj.put("department",$user.department)}
    if($manager){$userObj.put("manager","$manager")}
    $userObj.Setinfo()
    # Enable the account, then set the initial password
    $userObj.psbase.invokeset('accountdisabled', $false)
    $userObj.Setinfo()
    $userObj.psbase.invoke("setpassword",$password)
    $userObj.Setinfo()
    # Groups is optional: a quoted, comma-separated list of group names
    if($user.Groups)
    {
        foreach($g in (($user.Groups).Split(",")))
        {
            Write-Host "  - Adding User to $g"
            Add-UsertoGroup -group $g -UserDN $userObj.distinguishedname -dom $domain
        }
    }
    write-Host
}
```

###################################
OUTPUT
###################################

+ Creating User
- Manager DN CN=me,OU=MyUsers,DC=lab,DC=com
- Setting User NTLogin jsmith
- Setting User Email jsmith@lab.com
- Setting User Designation Loser
- Setting User Description Pretty Cool Guy
- Setting User Department IT
- Adding User to tgroup1
- Adding User to tgroup2

+ Creating User
- Manager DN CN=me,OU=MyUsers,DC=lab,DC=com
- Setting User NTLogin gsmith
- Setting User Email gsmith@lab.com
- Setting User Designation Loser
- Setting User Description Pretty Cool Guy
- Setting User Department Sales
- Adding User to tgroup1
- Adding User to tgroup2
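The Get-UserDN and Add-UsertoGroup lookups in the script build their LDAP filters by string interpolation, so a CSV cell containing `(`, `)`, `*` or `\` either breaks the filter or turns it into a wildcard that can match a different account. As an added example (not part of the original script), here is an RFC 4515 escaping helper and a Get-UserDN that uses it; the constructed sample values at the end run without a domain, the lookup itself needs one.

```powershell
# Added example, not from the original post: escape CSV-supplied values before they
# are placed into the LDAP filters used by Get-UserDN / Add-UsertoGroup.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping for assertion values; the backslash is replaced first
    # so the escape sequences produced below are not escaped a second time.
    $escaped = $Value -replace '\\', '\5c'
    $escaped = $escaped -replace '\*', '\2a'
    $escaped = $escaped -replace '\(', '\28'
    $escaped = $escaped -replace '\)', '\29'
    $escaped = $escaped -replace "`0", '\00'
    return $escaped
}

function Get-UserDN {
    param([string]$usr,[string]$dom)
    $root = [ADSI]"LDAP://$dom"
    $safe = ConvertTo-LdapFilterValue $usr
    # objectCategory=person plus objectClass=user selects user accounts only (no computers, no contacts)
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root,$filter)
    $result = $searcher.FindOne()
    if (-not $result) {
        Write-Warning "No user with sAMAccountName '$usr' under LDAP://$dom"
        return $null
    }
    return [string]$result.Properties['distinguishedname'][0]
}

# Constructed sample values of the kind a CSV cell could carry; this part runs offline.
'jsmith', 'j*', 'smith (contractor)', 'a\b' | ForEach-Object {
    '{0,-20} -> sAMAccountName={1}' -f $_, (ConvertTo-LdapFilterValue $_)
}
```

The sample loop prints `j*` as `j\2a`, `smith (contractor)` as `smith \28contractor\29` and `a\b` as `a\5cb`, so each value is matched literally instead of being interpreted as filter syntax.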

How to Manage Multiple Citrix Farms

Chris left a comment on Powershelling Citrix (The Good, Bad, and The Code) asking about this.

Here is a function that returns a farm object for the server that is passed in. The COM object is created on that server, so each call gives you the farm that server belongs to rather than the local one.

```powershell
function Get-CitrixFarm {
   Param([string]$server)
   # Bind the MFCOM type on the remote server and create the farm object there
   $type = [system.Type]::GetTypeFromProgID("MetaframeCOM.MetaFrameFarm",$server)
   $farm = [system.Activator]::CreateInstance($type)
   $farm.Initialize(1)
   return $farm
}
```

Here is an example that finds the server(s) a user is on, using the same remote-creation trick with the MetaframeUser object.

```powershell
function Find-CitrixUser {
    Param([string]$user,[string]$server,[string]$domain,[switch]$verbose)
    # Create the MFCOM user object on the given server and bind it to domain\user
    $type = [system.Type]::GetTypeFromProgID("MetaframeCOM.MetaframeUser",$server)
    $mfuser = [system.Activator]::CreateInstance($type)
    $mfuser.Initialize(1,$domain,1,$user)
    Write-Host
    Write-Host "User: $($mfuser.UserName) found on the Following:"
    foreach ($s in $mfuser.Sessions)
    {
        if($verbose)
        {
            Write-Host
            Write-Host "$($s.ServerName)"
            Write-Host "-=-=-=-=-=-"
            Write-Host "AppName          : $($s.AppName)" -foregroundcolor yellow
            Write-Host "SessionName      : $($s.SessionName)" -foregroundcolor yellow
            Write-Host "SessionID        : $($s.SessionID)" -foregroundcolor yellow
            Write-Host "ClientAddress    : $($s.ClientAddress)" -foregroundcolor yellow
            Write-Host "ClientEncryption : $($s.ClientEncryption)" -foregroundcolor yellow
            Write-Host
            Write-Host "Processes"
            Write-Host "========="
            foreach ($proc in $s.Processes)
            {
                Write-Host $proc.ProcessName -foregroundcolor Green
            }
            Write-Host
        }
        else
        {
            Write-Host "   -> $($s.ServerName)"
        }
    }
}
```
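The Find-CitrixUser.ps1 script at the top of the page searches one farm with a RegEx on UserName, and Get-CitrixFarm above gives a farm object per server. As an added example (not from the original posts), here is a function that combines the two to search several farms in one call and returns objects rather than Write-Host text, so the result can be filtered or exported. It assumes PowerShell 2.0 or later and MFCOM; the FarmName property and the data collector names are assumptions.

```powershell
# Added example, not from the original posts: search several farms for sessions whose
# UserName matches a RegEx. Get-CitrixFarm is the function from the post, repeated so
# this block runs on its own; it needs MFCOM and PowerShell 2.0+ (try/catch).
function Get-CitrixFarm {
    Param([string]$server)
    $type = [system.Type]::GetTypeFromProgID("MetaframeCOM.MetaFrameFarm",$server)
    $farm = [system.Activator]::CreateInstance($type)
    $farm.Initialize(1)
    return $farm
}

function Find-CitrixUserInFarms {
    Param([string[]]$Servers,[string]$User = '.*')
    foreach ($server in $Servers) {
        # A farm that cannot be reached is reported and skipped rather than aborting the search
        try { $farm = Get-CitrixFarm -server $server }
        catch { Write-Warning "Could not initialize farm via $server : $_"; continue }
        $farm.Sessions | Where-Object { $_.UserName -match $User } | ForEach-Object {
            New-Object PSObject -Property @{
                Farm          = $farm.FarmName     # assumed MFCOM property name
                QueriedVia    = $server
                UserName      = $_.UserName
                ServerName    = $_.ServerName
                ClientAddress = $_.ClientAddress
                SessionID     = $_.SessionID
                AppName       = $_.AppName
            }
        }
    }
}

# Placeholder data collector names, one per farm; replace with your own
Find-CitrixUserInFarms -Servers 'FARM1-ZDC','FARM2-ZDC' -User '^sales' |
    Format-Table Farm,UserName,ServerName,ClientAddress,SessionID -AutoSize
```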