Search code examples
attributesactive-directoryremote-desktopterminal-serviceschangelog

How to get terminal services property values in Active Directory from userParameters attribute

I am using dirsync to get the attributes value that have changed in Active Directory(changelog). The following link explains how the dirsync is used to get attribute values :

'http://blogs.technet.com/b/isrpfeplat/archive/2010/09/20/using-the-dirsync-control.aspx'

I am changing the attribute Local path under Remote Desktop Services Profile of a user. I have ran a client which uses dirsync to get the changed objects in AD. In the client the attribute that is changed is userParameters and the value is in encrypted form. 

CtxCfgPresent                                   P☺CtxCfgPresent???? ☻☺CtxWFProfi
lePath?↑→☺CtxWFHomeDir?????????????"☻☺CtxWFHomeDirDrive?☺CtxShadow????☺CtxMaxDis
connectionTime????☺CtxMaxConnectionTime????☺CtxMaxIdleTime???? ☻☺CtxWorkDirector
y?☺CtxCfgFlags1????"☻☺CtxInitialProgram?

Is there a way to get the actual value form the userParameters.

Solution

  • Method 1: Parse yourself :)

    Structure of the info is described in the [MS-TSTS] spec:

    http://msdn.microsoft.com/en-us/library/ff635189.aspx

    Method 2: IADsTSUserEx interface

    For example, in C#:

    DirectoryEntry userEntry = new DirectoryEntry("LDAP://domain.com/CN=user1,CN=Users,DC=domain,DC=com", "user", "pwd")
IADsTSUserEx tsUser = userEntry.NativeObject as IADsTSUserEx;

    Definition of IADsTSUserEx is something like this:
    (I only need to read the info in my project, so only have the getter but no setter)

    [
ComImport,
InterfaceType(ComInterfaceType.InterfaceIsIDispatch),
Guid("C4930E79-2989-4462-8A60-2FCF2F2955EF")
]
private interface IADsTSUserEx
{
    string TerminalServicesProfilePath { get;}
    string TerminalServicesHomeDirectory { get;}
    string TerminalServicesHomeDrive { get;}
    bool AllowLogon { get;}
    long EnableRemoteControl { get;}
    long MaxDisconnectionTime { get;}
    long MaxConnectionTime { get;}
    long MaxIdleTime { get;}
    int ReconnectionAction { get;}
    int BrokenConnectionAction { get;}
    bool ConnectClientDrivesAtLogon { get;}
    bool ConnectClientPrintersAtLogon { get;}
    bool DefaultToMainPrinter { get;}
    string TerminalServicesWorkDirectory { get;}
    string TerminalServicesInitialProgram { get;}
}

    You may also use other scripting language, which will be simpler than C#.

    vbscript:

    http://www.wisesoft.co.uk/scripts/vbscript_read-write_terminal_services_settings.aspx

    PowerShell:

    http://blogs.technet.com/b/heyscriptingguy/archive/2008/10/23/how-can-i-edit-terminal-server-profiles-for-users-in-active-directory.aspx