0 votes

I tried following the instructions in this tutorial:
http://adaxes.com/tutorials_AutomatingD ... wUsers.htm

When I get to the section "In the dialog that opens, select the Remote Desktop Services Settings property in the Property to modify field.", no option for "Remote Desktop Services Setting" is available, even if I select the "Show all properties (Alt+A)"

Thanks in advance.

by (1.1k points)

1 Answer

0 votes
by (215k points)

Hello,

Probably, you are using an old version of Adaxes. The property was renamed in one of our later versions. In your version, the Remote Desktop Services Settings property may be called User Parameters.

0

Thanks! That worked.

As far as the "old version", I am currently using the Demo, so maybe it is based on an older build.

Check for Updates says "No new product versions available at the moment"

I am running Adaxes 2012.1
v3.3.8906.0 (64 bit)

0

As a followup to setting the Terminal Services Profile Path, I would like to create a Business Rule to delete the TS folder upon account deletion.

There is an Action to delete the Home Directory, but I don't see anything for the TS Profile folder.

Would this need to be done via a PowerShell Script?

0

Hello,

Check for Updates says "No new product versions available at the moment"
I am running Adaxes 2012.1
v3.3.8906.0 (64 bit)

Sorry, my fault. The property will be renamed in the new version that we are about to release soon. Adaxes 2012.1 build 3.3.8906.0 is the latest released version so far.

There is an Action to delete the Home Directory, but I don't see anything for the TS Profile folder.

Yes, to delete a user's Terminal Services Profile folder, you need to use a PowerShell script. Here it is:

# Get Remote Desktop Services profile path
$rdsProfilePath = $Context.TargetObject.TerminalServicesProfilePath

if($rdsProfilePath -eq $NULL)
{
    return
}

# Test the Remote Desktop Services profile path
if(!(Test-Path -Path $rdsProfilePath))
{
    $Context.LogMessage("Incorrect Remote Desktop Services profile path: $rdsProfilePath", "Error") # TODO: modify me
    return
}

# Delete Remote Desktop Services profile
Remove-Item -Path $rdsProfilePath -Force -Recurse

You can add this script to your Business Rules, Custom Commands and Scheduled Tasks using the Run a program or PowerShell script action. For example, if you want to delete the user's TS Profile folder when deleting users, you may add the Run a program or PowerShell script action that executes the above script to the Inactive User Deleter built in Scheduled Task.

0

I tried adding the sciprt, and when testing, I got the following error in the Operation Execution Log:
The parameter is incorrect

I am not sure if this is due to the folder permissions where the user is the owner, and the only other account that has access is SYSTEM. I usually have to take ownership of the folder before deleting it when doing it manually.

Also, when deleting the Home Directory, I got the following error in the Operation Execution Log:
Access to the path '\\SERVER\homedir\ztest\My Documents'

The account deleted even if the 2 actions failed.

0

Hello,

Yes, this seems to be a permissions issue. We've already given our script guy the task to modify the script. As soon as he comes up with something, we'll investigate the issue.

The account deleted even if the 2 actions failed.

If you don't want the account to be deleted if deleting the home directory and the TS profile folder fails, then we suggest that all the three actions be combined in a single PowerShell script, and the account would be deleted only if the TS profile and home folders are successfully deleted.

0

Hello,

Our script guy has finished his job. Find below a modified version of the script that does 3 things:

  1. Takes ownership of and deletes the user's Remote Desktop Services Profile folder.
  2. Takes ownership of and deletes the user's Home Folder.
  3. If the above two actions were successful (the script managed to delete the folders, or the specified folders were not set in the user's properties, or the specified folders were set in the user's properties, but were not found at the specified location), deletes the user account. If the script doesn't manage to delete one of the folders, it will exit with an error and will not delete the target user account.
# Get name of the user who invokes the script
$adminName = "$env:userdomain\$env:username" 

# Function to get full access to all subdirectories in a directory
function GrantFullControlForDirectory($directoryPath, $username, $directoryWithFullPermission)
{
    if($directoryWithFullPermission.Contains($directoryPath))
    {
        return
    }
    $directoryWithFullPermission.Add($directoryPath) | Out-Null

    $directory = Get-Item -Path $directoryPath -Force

    # Change directory owner
    $ownerAcl = New-Object "System.Security.AccessControl.DirectorySecurity"
    $ownerID = New-Object "System.Security.Principal.NTAccount" $username
    $ownerAcl.SetOwner($ownerID)

    $directory.SetAccessControl($ownerAcl)

    # Set the Full Access permission
    $directoryAcl = Get-Acl $directoryPath
    $fullPermission = New-Object "System.Security.AccessControl.FileSystemAccessRule" $userName, "FullControl","ContainerInherit, ObjectInherit", "None", "Allow"
    $directoryAcl.SetAccessRule($fullPermission)

    Set-Acl -Path $directoryPath -AclObject $directoryAcl

    $childItems = Get-ChildItem -Path $directoryPath -Force

    if($childItems -eq $NULL)
    {
        return
    }

    foreach($item in $childItems)
    {
        if($item -is [System.IO.DirectoryInfo])
        {
            GrantFullControlForDirectory $item.FullName $username $directoryWithFullPermission
        }
    }
}

# Function to get full access to all files in a directory
function GrantFullControlForFiles($directoryPath, $username)
{
    # Get full access to all files in the directory
    $allFilePaths = [System.IO.Directory]::GetFiles($directoryPath,"*","AllDirectories")
    foreach($filePath in $allFilePaths)
    {
        $file = Get-Item -Path $filePath -Force

        # Change owner
        $ownerAcl = New-Object "System.Security.AccessControl.FileSecurity"
        $ownerID = New-Object "System.Security.Principal.NTAccount" $username
        $ownerAcl.SetOwner($ownerID)

        $file.SetAccessControl($ownerAcl)

        # Set Full Access permission
        $fileAcl = Get-Acl $filePath
        $fullPermission = New-Object "System.Security.AccessControl.FileSystemAccessRule" $username, "FullControl", "Allow"
        $fileAcl.SetAccessRule($fullPermission)

        Set-Acl -Path $filePath -AclObject $fileAcl
    }
}
$directoryWithFullPermission = New-Object "System.Collections.Generic.HashSet[System.String]"

# Get Remote Desktop Services profile path
$rdsProfilePath = $Context.TargetObject.TerminalServicesProfilePath

if($rdsProfilePath -ne $NULL)
{
    # Remove the Remote Desktop Services profile folder
    # Test the Remote Desktop Services profile path
    if(!(Test-Path -Path $rdsProfilePath))
    {
        $Context.LogMessage("Remote Desktop Services profile path: $rdsProfilePath was not found", "Error") # TODO: modify me
    }
    else
    {
        GrantFullControlForDirectory $rdsProfilePath $adminName $directoryWithFullPermission
        GrantFullControlForFiles $rdsProfilePath $adminName

        try
        {
            Remove-Item -Path $rdsProfilePath -Force -Recurse -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage($_.Exception.Message, "Error") # TODO: modify me
            return
        }
    }
}
else
{
    $Context.LogMessage("No Remote Desktop Services profile path specified", "Information") # TODO: modify me
}

# Get Home Directory path
try
{
    $homeDirectoryPath = $Context.TargetObject.Get("homeDirectory")
}
catch
{
    $Context.LogMessage("Home directory path not specified.", "Error") # TODO: modify me
    $homeDirectoryPath = $NULL
}

if($homeDirectoryPath -ne $NULL)
{
    # Remove the home folder
    # Test the home folder path
    if(!(Test-Path -Path $homeDirectoryPath))
    {
        $Context.LogMessage("Home directory path: $homeDirectoryPath not found", "Error") # TODO: modify me
    }
    else
    {
        GrantFullControlForDirectory $homeDirectoryPath $adminName $directoryWithFullPermission
        GrantFullControlForFiles $homeDirectoryPath $adminName

        try
        {
            Remove-Item -Path $homeDirectoryPath -Force -Recurse -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage($_.Exception.Message, "Information") # TODO: modify me
            return
        }
    }
}

# Delete the user
$Context.TargetObject.DeleteObject("ADM_DELETEOBJECTFLAGS_AUTO")
0

Thanks! Works great!

I removed the last 2 lines which delete the user as I was getting the following error.
The 'Test, Zach (domain.com\Users\Testing)' object does not exist.

It was because it was trying to delete the object after it was already deleted.

Related questions

0 votes
0 answers

Hi- We been noticing with some of our users that when we update the profile path within the terminal services profile section using Adaxes, it isn't reflected in Active Directory. When ... successfully. when I hit OK and try to view it isn't saved. Any ideas?

asked May 7, 2014 by MeliOnTheJob (1.7k points)
0 votes
1 answer

Is is possible to modify the properties on the Terminal Services tab through Adaxes? I tried using a "Modify the user" action and added ms-TS-Profile-Path but it didn't set the Terminal Services profile path for the user I ran it on. Thanks

asked May 8, 2012 by bemho (520 points)
0 votes
1 answer

Hi guys, We currently have one O365 Tenant configured in Adaxes. We automatically assign an O365 plan (E3) with some services enabled to some users. It would be ... enable Exchange Online and Lync Online for a range of users. Thanks in advance Regards

asked Nov 24, 2016 by smasset (730 points)
0 votes
1 answer

Hello - Currently we are on v 2013.1 version 3.59329. I'd like to upgrade to the latest. Would the below path correct and is there anything I need to know prior to upgrading? 2013.1 -> 2014.1 -> 2015 ? Thank You

asked Jul 17, 2015 by MeliOnTheJob (1.7k points)
0 votes
1 answer

In the Reports section, there is an option to view "All Users" and then export the view. There is also an option to include additional columns. If I include "Manager", ... along with the complete AD path gets exported. Is it possible to export only the name?

asked Jan 14, 2014 by sdavidson (730 points)
2,599 questions
2,338 answers
6,212 comments
843,678 users