Terminal Services properties is definitely a set of properties you would want to bulk-manage, and as we all know PowerShell is the best tool for any bulk operations.
We have recently (in the AD cmdlets 1.0.6 drop) improved the experience here (thanks to requests from Simon and George) and there are a few gotchas to keep in mind - so I thought I would summarize this all in one blog post.
Getting TS attributes
Retrieving terminal services properties is easy. You just execute Get-QADUser and the objects retrieved will have the corresponding properties - for your convenience, all starting with Ts.
PS C:\> get-qaduser "Dmitry Sotnikov" | format-list Ts*
TsProfilePath : \\server\tsprofiles\DSotnikov
TsHomeDirectory : \\server\tshome\DSotnikov
TsHomeDrive : P:
TsAllowLogon : True
TsRemoteControl : 0
TsMaxDisconnectionTime : 00:00:00
TsMaxConnectionTime : 00:00:00
TsMaxIdleTime : 00:00:00
TsReconnectionAction : 1
TsBrokenConnectionAction : 0
TsConnectClientDrives : True
TsConnectPrinterDrives : True
TsDefaultToMainPrinter : True
TsWorkDirectory : c:\
TsInitialProgram : C:\Program Files\Quest\Initialize.exe
Important: Terminal services properties are only available when AD cmdlets are run on Windows Server 2003 or 2008. Workstation operating systems (XP, Vista) do not support programmatic TS administration so the properties will not be retrieved.
[Update] See these instructions on enabling Terminal Services management on XP and Vista.
Changing TS attributes
TS properties are not (yet) available as Set-QADUser parameters and need to be changed as properties of retrived objects as shown in the example below:
$u = get-qaduser dsotnikov
$u.TsProfilePath = 'c:\profile'
$u.CommitChanges()
[Update] With AD cmdlets 1.1.1 Set-QADUser exposes all the TS attributes as its parameters so changing TS attributes is now much easier:
get-qaduser -searchroot mydomain.local/uk/london | set-qaduser -TsHomeDrive 'P:'
Again, make sure you follow the system requirements.
Property reference
Here’s a quick reference to the properties (I borrowed some of the descriptions from the MSDN page):
| Property | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TsProfilePath | Roaming or mandatory profile path to use when the user logs on to the terminal server. The profile path is in the following network path format:\\ServerName\profiles folder name\UserName
Note A Terminal Services profile path is used only for logging on to a terminal server. |
||||||||||||
| TsHomeDirectory | Home directory for the user. Each user on a terminal server has a unique home directory. This ensures that application information is stored separately for each user in a multi-user environment.To set a home directory on the local computer, specify a local path; for example, C:\Path. To set a home directory in a network environment, you must first set the TsHomeDrive property, and then set this property to a UNC path. | ||||||||||||
| TsHomeDrive | Home drive for the user. In a network environment, this property is a string containing a drive specification (a drive letter followed by a colon) to which the UNC path specified in the TsHomeDirectory property is mapped.To set a home directory in a network environment, you must first set this property and then set the TsHomeDirectory property. | ||||||||||||
| TsAllowLogon | Value that specifies whether the user is allowed to log on to the terminal server. | ||||||||||||
| TsEnableRemoteControl | Value that specifies whether to allow remote observation or remote control of the user’s Terminal Services session. For a description of these values, see the RemoteControl method of the Win32_TSRemoteControlSetting WMI class.
|
||||||||||||
| TsMaxDisconnectionTime | Maximum amount of time, in minutes, that a disconnected Terminal Services session remains active on the terminal server. After the specified number of minutes have elapsed, the session is terminated. | ||||||||||||
| TsMaxConnectionTime | Maximum duration, in minutes, of the Terminal Services session. After the specified number of minutes have elapsed, the session can be disconnected or terminated. | ||||||||||||
| TsMaxIdleTime | Maximum amount of time, in minutes, that the Terminal Services session can remain idle. After the specified number of minutes have elapsed, the session can be disconnected or terminated. | ||||||||||||
| TsReconnectionAction | Value that specifies whether to allow reconnection to a disconnected Terminal Services session from any client computer. The value is 1 if reconnection is allowed from the original client computer only, and 0 if reconnection from any client computer is allowed.
Note This property currently is not used by Windows Server Terminal Services. |
||||||||||||
| TsBrokenConnectionAction | Value that specifies the action to take when a Terminal Services session limit is reached. The value is 1 if the client session should be terminated, and 0 if the client session should be disconnected. | ||||||||||||
| TsConnectClientDrivesAtLogon | Value that specifies whether to reconnect to mapped client drives at logon. The value is 1 if reconnection is enabled, and 0 if reconnection is disabled.
Note This property currently is not used by Windows Server Terminal Services. |
||||||||||||
| TsConnectClientPrintersAtLogon | Value that specifies whether to reconnect to mapped client printers at logon. The value is 1 if reconnection is enabled, and 0 if reconnection is disabled. | ||||||||||||
| TsDefaultToMainPrinter | Value that specifies whether to print automatically to the client’s default printer. The value is 1 if printing to the client’s default printer is enabled, and 0 if it is disabled. | ||||||||||||
| TsWorkDirectory | Working directory path for the user.To set an initial application to start when the user logs on to the terminal server, you must first set the TsInitialProgram property, and then set this property. | ||||||||||||
| TsInitialProgram | Path and file name of the application that the user wants to start automatically when the user logs on to the terminal server.To set an initial application to start when the user logs on, you must first set this property and then set the TsWorkDirectory property. If you set only the TsInitialProgram property, the application starts in the user’s session in the default user directory. |
Tags: AD, AD cmdlets, Active Directory, Examples, cmdlets, one-liner, oneliner
Subscribe by email
Now that is AD-ded value
Greetings /\/\o\/\/
Sounds like a great blog name.
Thanks.
The string “$u.CommitChanges()” helped me.
Actually, changing these properties is much easier now. With 1.1 Set-QADUser gets a bunch of additional parameters modifying the attributes, so CommitChanges() is now longer required: http://dmitrysotnikov.wordpress.com/2008/05/02/whats-new-in-ad-cmdlets-110/
So instead of the 3 lines in the example above, you can just do:
Set-QADUser dsotnikov -TsProfilePath ‘c:\profile’
Is it possible to change TsWorkDirectory and TsInitialProgram for an account of a local user on standalone Win2k3 server?
Alexandr,
This is possible but would require some .NET to be used inside PowerShell.
See this MSDN page: http://msdn.microsoft.com/en-us/library/aa380823.aspx - for the interface description and a few (non-PowerShell) examples at the bottom.
If you get stuck, I would recommend that you post the questions to our discussion forums: http://www.powergui.org/forumindex.jspa?categoryID=55
There are plenty of guys out there who are smarter than me, and will hopefully be willing to help.
Dmitry