Last active
November 17, 2018 22:08
-
-
Save darrenjrobinson/e5a5ed14754a71959a3c to your computer and use it in GitHub Desktop.
Microsoft Identity Manager Terminal Services PowerShell Management Agent Schema Script. Supporting blog post is located here https://blog.darrenjrobinson.com/managing-ad-terminal-services-configuration-with-fim-mim-using-the-granfeldt-powershell-management-agent/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| $Username, | |
| $Password, | |
| $Credentials, | |
| $OperationType, | |
| [bool] $usepagedimport, | |
| $pagesize | |
| ) | |
| #Needs reference to .NET assembly used in the script. | |
| Add-Type -AssemblyName System.DirectoryServices.Protocols | |
| $CookieFile = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\TermServ\ts\TSCookie.bin" | |
| $DebugFilePath = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\TermServ\ts\DebugTSMA.txt" | |
| #Getting Cookie from file | |
| If (Test-Path $CookieFile –PathType leaf) | |
| { | |
| [byte[]] $Cookie = Get-Content -Encoding byte –Path $CookieFile | |
| } | |
| else | |
| { | |
| $Cookie = $null | |
| } | |
| if(!(Test-Path $DebugFilePath)) | |
| { | |
| $DebugFile = New-Item -Path $DebugFilePath -ItemType File | |
| } | |
| else | |
| { | |
| $DebugFile = Get-Item -Path $DebugFilePath | |
| } | |
| "Starting Import : " + (Get-Date) | Out-File $DebugFile -Append | |
| #region User | |
| $Properties = @("objectGuid","sAMAccountName","userPrincipalName","userParameters","isDeleted") | |
| #Running as FIM MA Account | |
| $RootDSE = [ADSI]"LDAP://RootDSE" | |
| $LDAPDirectory = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($RootDSE.dnsHostName) | |
| $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($LDAPDirectory, $Credentials) | |
| $Request = New-Object System.DirectoryServices.Protocols.SearchRequest($RootDSE.defaultNamingContext, "(&(objectClass=user)(sAMAccountName=u*))", "Subtree", $Properties) | |
| #Defining the object type returned from searches for performance reasons. | |
| [System.DirectoryServices.Protocols.SearchResultEntry]$entry = $null | |
| if ($OperationType -eq "Full") | |
| { | |
| $Cookie = $null | |
| "Full Sync Run" | Out-File $DebugFile -Append | |
| } | |
| else | |
| { | |
| # delta run and we should use the cookie we already found | |
| "Delta Sync Run" | Out-File $DebugFile -Append | |
| } | |
| $DirSyncRC = New-Object System.DirectoryServices.Protocols.DirSyncRequestControl($Cookie, [System.DirectoryServices.Protocols.DirectorySynchronizationOptions]::IncrementalValues, [System.Int32]::MaxValue) | |
| $Request.Controls.Add($DirSyncRC) | Out-Null | |
| $MoreData = $true | |
| $Guids = @() | |
| while ($MoreData) | |
| { | |
| $Response = $LDAPConnection.SendRequest($Request) | |
| ForEach($entry in $Response.Entries) | |
| { | |
| #Check if this GUID already been handled to avoid adding duplicate objects | |
| If($Guids -contains ([GUID] $entry.Attributes["objectguid"][0]).ToString()){continue} | |
| # always add objectGuid and objectClass to all objects | |
| $obj = @{} | |
| $obj.Add("objectguid", ([GUID] $entry.Attributes["objectguid"][0]).ToString()) | |
| $obj.Add("objectClass", "user") | |
| if ( $entry.distinguishedName.Contains("CN=Deleted Objects")) | |
| { | |
| # this is a deleted object, so we return a changeType of 'delete'; default changeType is 'Add' | |
| $obj.Add("changeType", "Delete") | |
| } | |
| else | |
| { | |
| $obj.Add("accountName",$entry.Attributes["sAMAccountName"][0]) | |
| if ($entry.Attributes["userParameters"][0]){$obj.Add("TSUserParameters",$entry.Attributes["userParameters"][0])} | |
| # we need to get the directory entry to get the additional attributes | |
| [ADSI]$TSUser = "LDAP://$($entry.distinguishedName)" | |
| if ($entry.Attributes["userParameters"][0]) | |
| { | |
| Try | |
| { | |
| if ($TSUser.terminalServicesProfilePath.length -gt 0) | |
| { | |
| $obj.Add("TSProfilePath",$TSUser.terminalServicesProfilePath) | |
| } | |
| if ($TSUser.allowlogon.length -gt 0) | |
| { | |
| $obj.Add("TSAllowLogon",$TSUser.allowlogon) | |
| } | |
| if ($TSUser.terminalServicesHomeDirectory.length -gt 0) | |
| { | |
| $obj.Add("TSHomeDir",$TSUser.terminalServicesHomeDirectory) | |
| } | |
| if ($TSUser.terminalServicesHomeDrive.length -gt 0) | |
| { | |
| $obj.Add("TSHomeDrive",$TSUser.terminalServicesHomeDrive) | |
| } | |
| } | |
| Catch | |
| { | |
| $obj.Add("[ErrorName]", "Import Error") | |
| $obj.Add("[ErrorDetail]", $Error) | |
| Write-Progress "Caught Exception processing: $DirEntry" | Out-File $DebugFile -Append | |
| } | |
| } | |
| #Add Guid to list of processed guids to avoid duplication | |
| $Guids += ,([GUID] $entry.Attributes["objectguid"][0]).ToString() | |
| #Return the object to the MA | |
| $obj | |
| } | |
| } | |
| ForEach ($Control in $Response.Controls) | |
| { | |
| If ($Control.GetType().Name -eq "DirSyncResponseControl") | |
| { | |
| $Cookie = $Control.Cookie | |
| $MoreData = $Control.MoreData | |
| } | |
| } | |
| $DirSyncRC.Cookie = $Cookie | |
| } | |
| #Saving cookie file | |
| Set-Content -Value $Cookie -Encoding byte –Path $CookieFile | |
| $global:RunStepCustomData = [System.Convert]::ToBase64String($Cookie) | |
| #endregion | |
| "Ending Import : " + (Get-Date) | Out-File $DebugFile -Append |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment