Jonas Feller

Jonas Feller

IT Pro with a passion for PowerShell, automation and cloud technologies.

Query Terminal Services Profile Path of AD Users through PowerShell

1 minute read

If you like to query Terminal Services or Remote Desktop Server Profile Path with PowerShell you cannot use the Get-ADUser Cmdlet. Instead you have to go through ADSI. The Scripting Guy has explained this in detail on his blog: http://blogs.technet.com/b/heyscriptingguy/archive/2008/10/23/how-can-i-edit-terminal-server-profiles-for-users-in-active-directory.aspx

This works basically very well for all user object where the path for the Terminal Services Profile is set or was set sometime in the past and is now empty. But if you have a user object for which the Terminal Services settings in AD were never touched you get a funky error message:

Exception calling “InvokeGet” with “1” argument(s): “The directory property cannot be found in the cache.”

If you do an ad hoc query then this is not really a problem. But if you want to export the settings for all ad users into a CSV file the error will probably bother you.

So what we can do? If you have a look at the properties of the ADUser object, which the Get-ADUser Cmdlet returns, you can see that there is a property with the name “userProperties” with a cryptic value. That’s where the Terminal Services Profile Path is actually stored.

userparamaduser

But it the User Object had never set a Terminal Service Profile Path this property does simply not exist:

nouserparamaduser

Now, as workaround, you can first check for the existence of “userProperties” property before you query the Terminal Services Profile Path with ADSI. This could look like this:

$ADUsers = Get-ADUser -Filter $Filter -Properties *
      foreach ($UserObject in $ADUsers){
        If($UserObject.userParameters -eq $Null){
            $tsprops = @{
                "TerminalServicesallowLogon" = "1"
                "TerminalServicesHomeDirectory" = ""
                "TerminalServicesHomeDrive" = ""
                "TerminalServicesProfilePath" = ""
            }
        }
        Else
        {
            $ADSIObject = [adsi]"LDAP://$($UserObject.DistinguishedName)"

            $tsprops = @{
                "TerminalServicesallowLogon" = $ADSIObject.PSBase.invokeget("allowLogon")
                "TerminalServicesHomeDirectory" = $ADSIObject.PSBase.invokeget("TerminalServicesHomeDirectory")
                "TerminalServicesHomeDrive" = $ADSIObject.PSBase.invokeget("TerminalServicesHomeDrive")
                "TerminalServicesProfilePath" = $ADSIObject.PSBase.invokeget("TerminalServicesProfilePath")
            }
        }

Leave a comment

You may also enjoy

Using the SSH server in Windows Server 2019

5 minute read

Posted:

Yes, your are reading it right. Windows Server has now also a built in SSH Server for remote access. And it is not just any SSH server it is the popular Open...

Export and import Azure Blueprints definitions

2 minute read

Posted:

Azure Blueprints are relatively new and currently in public preview. With Azure Blueprint you can deploy and update a set of different Azure resources and co...