Thursday, January 14, 2016

New Azure RemoteApp PowerShell cmdlets to clean up stale AD objects

If you have been working with a Hybrid (domain-joined) collection of Azure RemoteApp, you'll know that RD Session Host servers deployed as part of the collection become members of your on-premises Active Directory domain.


Note that in the example above, computer objects with two different combinations of eight random letters are shown. That is because if you update your custom template image, Azure RemoteApp can start a new combination of eight random letters for the RD Session Host servers based on the updated template image.

What Azure RemoteApp currently does not do automatically, however, is clean up the RD Session Host computer objects based on the previously used template image. This means you will end up with orphaned computer objects in your Active Directory.

In November of last year I wrote the blog post Azure RemoteApp: Script to clean up orphaned RDSH computer objects in Active Directory. That blog post covered a PowerShell script I created that performs the clean up of these orphaned computer objects.

Microsoft has now released a new version of Azure PowerShell. This new version (1.0.3) contains two new cmdlets for Azure RemoteApp.



These commands are:

Get-AzureRemoteAppVmStaleAdObject
Clear-AzureRemoteAppVmStaleAdObject

With these two commands you can perform the same task as with my PowerShell script: cleaning up orphaned computer objects, or, as the PowerShell cmdlets refer to them, Stale AD objects.

How to use the commands?

In this example I'm running a Hybrid (domain-joined) Azure RemoteApp collection. Using the command Get-AzureRemoteAppVM we can retrieve the active RDSH servers for a particular collection:


Note that there are currently 3 active RDSH servers. Looking at Active Directory we can see that there are 5 computer objects created by Azure RemoteApp, so we clearly have Stale AD objects.



The Cmdlet Get-AzureRemoteAppVmStaleAdObject confirms this:



We can now use the Clear-AzureRemoteAppVmStaleAdObject cmdlet to remove these two Stale AD objects. We are prompted before the removal of each object, or can choose Yes to All. Optionally, add -Confirm:$false to the PowerShell command to auto-confirm the cleanup for every object.



The Stale AD objects for this collection are now successfully cleaned up.



Note that you need to run the new PowerShell cmdlets from a computer that is joined to your on-premises domain, because the cmdlets contact Active Directory directly.
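
The steps above as one script, with a domain-join check and an audit record written before anything is deleted. This is an added example, not code from the original post or from Microsoft; the function name, the `-NoPrompt` switch, the collection name `MyCollection` and the audit file path are assumptions.

```powershell
# Added example: wraps the Get/Clear stale-object cmdlets described in this post.
# Function name, -NoPrompt switch, 'MyCollection' and the audit path are placeholders.
function Remove-StaleRemoteAppAdObject {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$CollectionName,
        [string]$AuditPath = ".\stale-ad-objects-$CollectionName.txt",
        [switch]$NoPrompt   # when set, passes -Confirm:$false to the Clear cmdlet
    )

    # The stale-object cmdlets contact Active Directory directly,
    # so refuse to run on a machine that is not domain joined.
    if (-not (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
        throw 'This computer is not domain joined; run from a member of the on-premises domain.'
    }

    # Active RDSH servers. An empty result points at a wrong collection name
    # or a broken session, so stop instead of deleting on bad input.
    $active = @(Get-AzureRemoteAppVM -CollectionName $CollectionName -ErrorAction Stop)
    if ($active.Count -eq 0) {
        throw "No active RDSH servers returned for '$CollectionName'; nothing was cleaned up."
    }

    $stale = @(Get-AzureRemoteAppVmStaleAdObject -CollectionName $CollectionName -ErrorAction Stop)
    if ($stale.Count -eq 0) {
        Write-Output "No stale AD objects for '$CollectionName'."
        return
    }

    # Keep a record of what is about to be removed from Active Directory.
    "$(Get-Date -Format o) collection=$CollectionName active=$($active.Count) stale=$($stale.Count)" |
        Out-File -FilePath $AuditPath -Append
    $stale | Out-String | Out-File -FilePath $AuditPath -Append

    if ($NoPrompt) {
        Clear-AzureRemoteAppVmStaleAdObject -CollectionName $CollectionName -Confirm:$false -ErrorAction Stop
    } else {
        # Default behaviour: prompt before the removal of each object.
        Clear-AzureRemoteAppVmStaleAdObject -CollectionName $CollectionName -ErrorAction Stop
    }

    # Re-query to confirm the cleanup.
    $left = @(Get-AzureRemoteAppVmStaleAdObject -CollectionName $CollectionName -ErrorAction Stop)
    Write-Output "Stale AD objects remaining for '$CollectionName': $($left.Count)"
}

Remove-StaleRemoteAppAdObject -CollectionName 'MyCollection'
```

Run it without `-NoPrompt` first so each computer object is confirmed individually.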


1 comment:

  1. I'm getting this
    Get-AzureRemoteAppVmStaleAdObject : The user name or password is incorrect.
    At line:1 char:1
    + Get-AzureRemoteAppVmStaleAdObject -CollectionName standard
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : CloseError: (:) [Get-AzureRemoteAppVmStaleAdObject], AuthenticationException
    + FullyQualifiedErrorId : Microsoft.WindowsAzure.Management.RemoteApp.Cmdlets.GetAzureRemoteAppVmStaleAdObject

    I can run Get-AzureRemoteAppVM successfully.
