Terminal Services properties is definitely a set of properties you would want to bulk-manage, and as we all know PowerShell is the best tool for any bulk operations.
We have recently (in the AD cmdlets 1.0.6 drop) improved the experience here (thanks to requests from Simon and George) and there are a few gotchas to keep in mind – so I thought I would summarize this all in one blog post.
Getting TS attributes
Retrieving terminal services properties is easy. You just execute Get-QADUser and the objects retrieved will have the corresponding properties – for your convenience, all starting with Ts.
PS C:\> get-qaduser "Dmitry Sotnikov" | format-list Ts*
TsProfilePath : \\server\tsprofiles\DSotnikov
TsHomeDirectory : \\server\tshome\DSotnikov
TsHomeDrive : P:
TsAllowLogon : True
TsRemoteControl : 0
TsMaxDisconnectionTime : 00:00:00
TsMaxConnectionTime : 00:00:00
TsMaxIdleTime : 00:00:00
TsReconnectionAction : 1
TsBrokenConnectionAction : 0
TsConnectClientDrives : True
TsConnectPrinterDrives : True
TsDefaultToMainPrinter : True
TsWorkDirectory : c:\
TsInitialProgram : C:\Program Files\Quest\Initialize.exe
Important: Terminal services properties are only available when AD cmdlets are run on Windows Server 2003 or 2008. Workstation operating systems (XP, Vista) do not support programmatic TS administration so the properties will not be retrieved.
[Update] See these instructions on enabling Terminal Services management on XP and Vista.
Changing TS attributes
TS properties are not (yet) available as Set-QADUser parameters and need to be changed as properties of retrived objects as shown in the example below:
$u = get-qaduser dsotnikov
$u.TsProfilePath = 'c:\profile'
$u.CommitChanges()
[Update] With AD cmdlets 1.1.1 Set-QADUser exposes all the TS attributes as its parameters so changing TS attributes is now much easier:
get-qaduser -searchroot mydomain.local/uk/london | set-qaduser -TsHomeDrive 'P:'
Again, make sure you follow the system requirements.
Property reference
Here’s a quick reference to the properties (I borrowed some of the descriptions from the MSDN page):
| Property | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TsProfilePath | Roaming or mandatory profile path to use when the user logs on to the terminal server. The profile path is in the following network path format:\\ServerName\profiles folder name\UserName
Note A Terminal Services profile path is used only for logging on to a terminal server. |
||||||||||||
| TsHomeDirectory | Home directory for the user. Each user on a terminal server has a unique home directory. This ensures that application information is stored separately for each user in a multi-user environment.To set a home directory on the local computer, specify a local path; for example, C:\Path. To set a home directory in a network environment, you must first set the TsHomeDrive property, and then set this property to a UNC path. | ||||||||||||
| TsHomeDrive | Home drive for the user. In a network environment, this property is a string containing a drive specification (a drive letter followed by a colon) to which the UNC path specified in the TsHomeDirectory property is mapped.To set a home directory in a network environment, you must first set this property and then set the TsHomeDirectory property. | ||||||||||||
| TsAllowLogon | Value that specifies whether the user is allowed to log on to the terminal server. | ||||||||||||
| TsEnableRemoteControl | Value that specifies whether to allow remote observation or remote control of the user’s Terminal Services session. For a description of these values, see the RemoteControl method of the Win32_TSRemoteControlSetting WMI class.
|
||||||||||||
| TsMaxDisconnectionTime | Maximum amount of time, in minutes, that a disconnected Terminal Services session remains active on the terminal server. After the specified number of minutes have elapsed, the session is terminated. | ||||||||||||
| TsMaxConnectionTime | Maximum duration, in minutes, of the Terminal Services session. After the specified number of minutes have elapsed, the session can be disconnected or terminated. | ||||||||||||
| TsMaxIdleTime | Maximum amount of time, in minutes, that the Terminal Services session can remain idle. After the specified number of minutes have elapsed, the session can be disconnected or terminated. | ||||||||||||
| TsReconnectionAction | Value that specifies whether to allow reconnection to a disconnected Terminal Services session from any client computer. The value is 1 if reconnection is allowed from the original client computer only, and 0 if reconnection from any client computer is allowed.
Note This property currently is not used by Windows Server Terminal Services. |
||||||||||||
| TsBrokenConnectionAction | Value that specifies the action to take when a Terminal Services session limit is reached. The value is 1 if the client session should be terminated, and 0 if the client session should be disconnected. | ||||||||||||
| TsConnectClientDrivesAtLogon | Value that specifies whether to reconnect to mapped client drives at logon. The value is 1 if reconnection is enabled, and 0 if reconnection is disabled.
Note This property currently is not used by Windows Server Terminal Services. |
||||||||||||
| TsConnectClientPrintersAtLogon | Value that specifies whether to reconnect to mapped client printers at logon. The value is 1 if reconnection is enabled, and 0 if reconnection is disabled. | ||||||||||||
| TsDefaultToMainPrinter | Value that specifies whether to print automatically to the client’s default printer. The value is 1 if printing to the client’s default printer is enabled, and 0 if it is disabled. | ||||||||||||
| TsWorkDirectory | Working directory path for the user.To set an initial application to start when the user logs on to the terminal server, you must first set the TsInitialProgram property, and then set this property. | ||||||||||||
| TsInitialProgram | Path and file name of the application that the user wants to start automatically when the user logs on to the terminal server.To set an initial application to start when the user logs on, you must first set this property and then set the TsWorkDirectory property. If you set only the TsInitialProgram property, the application starts in the user’s session in the default user directory. |
Tags: AD, AD cmdlets, Active Directory, Examples, cmdlets, one-liner, oneliner
Subscribe by email
Now that is AD-ded value 😉
Greetings /\/\o\/\/
Sounds like a great blog name. 😉
Thanks.
The string “$u.CommitChanges()” helped me.
Actually, changing these properties is much easier now. With 1.1 Set-QADUser gets a bunch of additional parameters modifying the attributes, so CommitChanges() is now longer required: https://dmitrysotnikov.wordpress.com/2008/05/02/whats-new-in-ad-cmdlets-110/
So instead of the 3 lines in the example above, you can just do:
Set-QADUser dsotnikov -TsProfilePath ‘c:\profile’
Is it possible to change TsWorkDirectory and TsInitialProgram for an account of a local user on standalone Win2k3 server?
Alexandr,
This is possible but would require some .NET to be used inside PowerShell.
See this MSDN page: http://msdn.microsoft.com/en-us/library/aa380823.aspx – for the interface description and a few (non-PowerShell) examples at the bottom.
If you get stuck, I would recommend that you post the questions to our discussion forums: http://www.powergui.org/forumindex.jspa?categoryID=55
There are plenty of guys out there who are smarter than me, and will hopefully be willing to help.
Dmitry
Hi, I am trying to set TS Profile Path, Home Drive and Home Directory using the following code:
$TSUser = Get-QADuser $SAMacc #SAMacc is the Login ID of the user
$TSProfilePath = “\\SERVER\CitrixProfiles$” #works
$TSHomeDir = “\\SERVER\$ShareName” #$sharename is the Home Drive Share created earlier in the script
$HDrive = “H:”
$TSUser.TsHomeDirectory = $TSHomeDir
$TSUser.TsHomeDrive = $HDrive
$TSUser.TsProfilePath = ($TSProfilePath+”\”+$SAMacc) #works
$TSUser.CommitChanges()
And am getting the following error:
Exception setting “TsHomeDirectory”: “Exception from HRESULT: 0x80005008”
At line:34 char:9
+ $TSUser.T <<<< sHomeDirectory = $TSHomeDir
Can you tell me what I am doing wrong to get this error?
Also, how can I set the Login script? I have tried the following:
$TSUser.LogonScript “Logon.exe”
Which doesn’t seem to do the trick.
Thanks,
Matt
I’m pretty new to Powershell scripting, but I’m assuming you have to put the home drive first, and then the home directory.
Again, i could be wrong, but perhaps this could help 🙂
$TSUser.TsHomeDrive = $HDrive
$TSUser.TsHomeDirectory = $TSHomeDir
If this does not help, please post the question to the Active Directory PowerShell forum here: http://powergui.org/forum.jspa?forumID=173
Hi guys,
I’m wandering how to remove TsInitalProgram and TsWorkDirectory (not to start anyprogram at logon).
Setting these values works just fine, but when I want to put it bac to default I have problems.
I tried with Set-QADUser -Identity ‘identity’ -TsInitialProgram ” -TsWorkDirectory ”
and
Set-QADUser -Identity ‘identity’ -TsInitialProgram $null -TsWorkDirectory $null
but I get following error:
“The specified directory service attribute or value does not exist”.
Thanks
Dmitry,
set-qaduser $_ -TsProfilePath works for everything but $null or ”. That is I can’t seem to set the TsProfilePath to nothing?
Thanks,
Ying
Same issue reported here
http://www.powergui.org/thread.jspa?threadID=14336
I just tried using –TsMaxDisconnectionTime ’30’ and above it says the entry is in minutes. After running this I got 30 days for my timeout. So what is the proper input parameter to make this be in minutes?
Josh,
TsMaxDisconnectionTime is a TimeSpan. So if you need 30 minutes you can use something like that to get the value:
(New-TimeSpan -Minutes 30)
Dmitry
Why is this post completely blank? Puzzling.
James, disable your browser AdBlock add-on for the page and everything will come back. This is AdBlock / WordPress compatibility issue.
Does anyone know why when I get-qaduser | fl on Win7 I get empty Ts* properties? When I run on Win2k8 it comes back with values? What else do I need to install on Win7 to make it work?
I think you had a discussion on this already that points to: http://blogs.technet.com/b/askds/archive/2008/03/31/rsat-and-aduc-getting-the-terminal-services-tabs-to-appear-in-ad-users-and-computers.aspx
and
http://support.microsoft.com/default.aspx?scid=kb;EN-US;960890
Win7 issue is covered here:
http://support.microsoft.com/kb/2028835