I'm calling powershell , to set the terminalservicesprofilepath on a user i've created, the web server is not a member of the domain that I'm modifying..
I remember writing powershell to do this to modify adnames of users long ago, but I can't remember how it did it, and my google-fu is failing me
$user = [ ADSI ] "LDAP://CN=abab.ababf,DC=AD,DC=JCSN,DC=org";
$user.psbase.Invokeset( "terminalservicesprofilepath", "\\ad\rds\ProfileAlaska\abab.ababf" );
$user.setinfo();
This is the snippet that does the work I took it from a larger script that worked.
I remember having to login to the remote server first... but how do I do that?
The problem turned out to be that the old stuff to set terminalsservicesprofilepath were too old to accept credentials, so I created a ps-session and wrapped them in invoke commands which did accept credentials.
Here is the complete solution I used, you'll probably have to do some fiddling with the parts that set up the computer.
public void DoRDP( string sAdName, string sRdpPath )
{
//SetTerminalServiceProfilePath();
string s= QueryTerminalServices( WtsApi32.WTSUserConfigTerminalServerProfilePath );
string sPowerShell = "" + "\n" +
//==============================================================================================
//== modify this swtuff to get run once only - EWB
//==============================================================================================
// # enaqble remoting to .ddd, do before new-session - ewb "+ (only needs to be done once)
"Enable-PSRemoting –force" + "\n" +
"Set-ExecutionPolicy Unrestricted" + "\n" +
// add the ad server to teh trusted hosts (only needs to be done once)
"winrm s winrm/config/client '@{TrustedHosts=\"xx.xx.xxx.xxx\"}'"+
// also need to give the app pool idenity user win RM Access, run teh following on the command line (change app pool user name, if in different app pool (it's jus the name of the app pool) - EWB
// https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
// https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx
// Note: this took like 30 min to have an effect, maybe try bouncing iis and the app pools?
"net localgroup WinRMRemoteWMIUsers__ /add \"ASP.NET v4.0 Classic\""+
//==============================================================================================
"import-module ActiveDirectory; " + "\n" +
@"$Username = 'ad\xxxx'; " + "\n" +
"$Password = 'xxxx'; " + "\n" +
"$pass = ConvertTo-SecureString -AsPlainText $Password -Force" + "\n" +
"$SecureString = $pass; " + "\n" +
//# Users with password securly"+
"$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString; " + "\n" +
"$s = New-PSSession -ComputerName xxxxx -Credential $MySecureCreds; " + "\n" +
"if ($null -eq $s) \n{ \nthrow \"Error creating the session, it was null\" \n}" + "\n" +
@"Invoke-Command -Session $s -ScriptBlock {$user = [ ADSI ] 'LDAP://CN=" + sAdName + ",OU=xxxx Users,OU=xxxx,OU=xxxx,DC=AD,DC=xx,DC=org'; }; " + "\n" +
@"Invoke-Command -Session $s -ScriptBlock {$user.psbase.Invokeset( 'terminalservicesprofilepath', '" + sRdpPath + "' ); }; " + "\n" +
"Invoke-Command -Session $s -ScriptBlock {$user.setinfo()}; " + "\n" +
"Remove-PSSession $s; " + "\n";
RunScript( sPowerShell );
}
/// <summary>
/// Runs the given powershell script and returns the script output.
/// </summary>
/// <param name = "scriptText" > the powershell script text to run</param>
/// <returns>output of the script</returns>
private string RunScript( string scriptText )
{
try
{
var powerShell = PowerShell.Create().AddScript( scriptText );
var results = powerShell.Invoke();
var resList = results.ToList();
foreach ( dynamic item in resList )
{
if( item == null )
{
log.Trace( "item is null" );
}
else
{
log.Trace( item.ToString() );
}
}
return "";
}
catch ( Exception ex )
{
throw;
}
}