Manage users in Azure RemoteApp based on Active Directory groups, with PowerShell!

Prior to December 11/12/2014 Azure RemoteApp supported functionality to authorize users to an Azure RemoteApp Collection based on Azure Active Directory group membership.

However, this feature was deprecated starting from 11/12/2014. Also see: As of 11/12/2014 ‘Active Directory group’ support for Azure RemoteApp will be deprecated.

The statement that Microsoft made related to this change:

“…Continuous changes to user groups' membership, especially when that group owner is different from RDS admin, make billing and usage less predictable. Because of this, we are deprecating user group support in Azure RemoteApp…”

As a result, the only way to add users in bulk is using the .CSV bulk import option. You can find more info on that here: Introducing CSV based user import

To allow for easier management I wrote a PowerShell Script that synchronizes users to a Azure RemoteApp Collection based on Active Directory Group Membership.

The script will do the following, based on a specified Active Directory group & Azure RemoteApp Collection;

- Add users to an Azure RemoteApp collection who are a member of the AD group
- Remove users from an Azure RemoteApp collection who are not a member of the AD group anymore

This will result in only allowing access to, and being billed for, users that are added to an Active Directory group.

Below is a sample output in a scenario where 4 new users were added to the group and 4 other users were removed. When finished the scripts outputs the users currently allowed access to the Collection.

If needed you could create a Scheduled Task, or maybe even better in Azure Automation and have this run periodically and include the action to add users to the AD group in your current Identify Management solution.

The Azure Portal below reflects the changes instantly.

I uploaded the PowerShell script to TechNet Gallery, get the link here:

https://gallery.technet.microsoft.com/Manage-users-in-Azure-f793aea7

The PowerShell script obviously requires the modules of both Active Directory and Azure and a Azure Publish Settings file to be able to connect to Azure for Remote Management.

2 notes of caution:

- Any user that is not a member of group specific in the script will be removed from the Azure RemoteApp Collection, without a warning. So make sure the group contains all users that need access to the collection

- You will be billed by Azure based on the number of users that have been allowed access. So make sure that the group specific in the script only contains members that actually need access.

Manage Azure RemoteApp using PowerShell!

We’ve been waiting for this one! The Azure PowerShell team has just released version 0.8.15. This version contains a new module that allows managing Azure RemoteApp using PowerShell!

Get the latest version here: http://go.microsoft.com/?linkid=9811175&clcid=0x409

The commands related to Azure RemoteApp are all in it, for example:

 

Prior to this availability, I was already able to play with it when the commands were still in beta, they were contained in a separate module. To get an overview of all the commands related to Azure RemoteApp type get-command -noun azureremoteapp*

 

The product team will also release a announcement on this soon!

Customizing the RDCB HA client Access DNS name using PowerShell on Windows Server 2012

After setting on High Availability for the RD Connection Broker role the RDCB HA client Access DNS name can be viewed using the Server Manager, however, this value is read-only.


In order to change this value we can use PowerShell and make use of the command
Set-RDClientAccessName
Parameter Set: __AllParameterSets
Set-RDClientAccessName [[-ConnectionBroker] <String> ] [-ClientAccessName] <String> [ <CommonParameters>]

For an example how to view the current name and change it, see the powershell commands below. Note that all RD Connection broker servers have to be running in order to change this value.


The value is now successfully changed and visible in the Remote Desktop Management Service (RDMS) Server Manager Console;

Microsoft RDV Team: Easier User Data Management with User Profile Disks in Windows Server 2012

Rob Leitman, a developer working on the Remote Desktop Virtualization team posted a new blog on MSDN about User Profile Disks. Some of the advantages and thinks to remember below.

“…User profile disks offer several advantages:

• Configuration and deployment is simpler than roaming profiles or folder redirection.
• User profiles can be maintained even on pooled virtual desktops that get rolled back after logoff.
• Logon and logoff times are reduced.
• Previously, profiles could be corrupted if used simultaneously on multiple computers. User profile disks are specific to the collection, so they can’t be used on multiple computers simultaneously.
• Administrators can have granular control of exactly which locations get saved to the virtual hard disk (VHDX).
• User profile disks can be stored on Server Message Block (SMB) shares, cluster shared volumes, SANs, or local storage.
• In pooled virtual desktop collections, user profile disks work with virtual machines running both Windows 8 and Windows 7 with Service Pack 1 (SP1).

Some things to remember about user profile disks:

• User profile disks are available only in pooled virtual desktop collections and session collections—not in personal virtual desktop collections.
• Share permissions are automatically set up by the management tools.
• Use Server Manager or Windows PowerShell to manage user profile disks.
• User profile disks are for a single collection only. A user connecting to two different collections will have two separate profiles. If you want to synchronize settings, refer to Microsoft User Experience Virtualization…”

Source and complete blog post:
http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx

New Article: Using PowerShell to control RDS in Windows Server 2012 (Part 2)

A few weeks ago I did a first article on using PowerShell to control RDS in Windows Server 2012. Today the part II of this article has been release on virtualizationadmin.com. Read it here:

Using PowerShell to control RDS in Windows Server 2012 (Part 2)

“…Introduction. In a previous article, I discussed how to use PowerShell to set up a basic Remote Desktop Services environment. In that article, amongst other things, we discussed how to do a quick RDS deployment, add a Session Collection and add a RemoteApp. In this article we’ll dive a little bit deeper into PowerShell for RDS to take a look at how we can even further automate the installation, configuration and maintenance of Remote Desktop Services using the new PowerShell commands available with Windows Server 2012.…”

Source: http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/using-powershell-control-rds-windows-server-2012-Part2.html

RDV team blog post: virtual machine-based desktop deployment using PowerShell

 

Yesterday my article post “Using PowerShell to control RDS in Windows Server 2012” was published. That article had a focus on Session Based Deployment using PowerShell. Today Omair Gillani, a program manager on the Microsoft Remote Desktop Virtualization team published a great new post on using PowerShell for RDS as well. This post has a focus on virtual machine-based desktop deployment.

Read it here: http://blogs.msdn.com/b/rds/archive/2012/07/18/setting-up-a-new-remote-desktop-services-deployment-using-windows-powershell.aspx

New article: Using PowerShell to control RDS in Windows Server 2012

My new article entitled "Using PowerShell to control RDS in Windows Server 2012" on virtualizationadmin.com just got published. In this article I do dive into some of the new PowerShell commands for the Remote Desktop Services scenarios that are available with Windows Server 2012. The article discusses the installation of a RDS deployment, the creation of a Session Collection and the creation of RemoteApps. All using Powershell. I’m already working on a part II of this article in which we’ll dive even deeper. Stay tuned!

“…Introduction. PowerShell has been around for many years now. There is no way to work around PowerShell anymore, and you should not even want to work around it. With every new release of every new Microsoft product or service, we see an even tighter integration with PowerShell. With the upcoming release, it’s even bigger than before. With Windows Server 2012, we have over 2400 cmdlets available! That is a huge number! In this article, we will take a look at how PowerShell is integrated with Remote Desktop Services in Windows Server 2012. We will dive into PowerShell commands for both RDS scenarios that are available with Windows Server 2012. That is, the Virtual machine-based desktop deployment as well as the Session-based desktop deployment…”

Source: http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/using-powershell-control-rds-windows-server-2012.html

Introduction to Windows PowerShell scripting in Windows Server 2012 Remote Desktop Services (by RDS team)

The Microsoft RDS team released a new blog post on using Powershell for Remote Desktop Services in Windows Server 2012. It’s discusses the RemoteDesktop module, and contains many examples on the different cmdlets!

“…One of the new features that we’re all very proud of in Windows Server 2012 is a new Windows PowerShell layer, which provides a powerful set of functionality to set up, configure, and control your Windows Server 2012 Remote Desktop Services (RDS) deployments. The feature is too big to cover in one post, but I wanted to give you a quick introduction to help you get started with scripting your deployments in the Windows Server 2012 Release Candidate build. In this post I’ll give a brief overview of the kinds of tasks you can perform by using the new RDS Windows PowerShell layer, and then go a bit more in-depth with one of the Windows PowerShell cmdlets that you’ll likely be using a lot in your scripts (Get-RDServer), and finally finish up with a practical example showing how to use that cmdlet to install the Desktop Experience feature on all of the Remote Desktop Session Host (RD Session Host) servers in your deployment…”

Source: http://blogs.msdn.com/b/rds/archive/2012/06/28/introduction-to-windows-powershell-scripting-in-windows-server-2012-remote-desktop-services.aspx

You cannot install RDS CALs automatically by using Windows PowerShell in Windows Server 2008 R2

A new KB article related to installing RDS CALs using Powershell was launched today.

Article ID: 2648662 - Last Review: January 11, 2012 - Revision: 1.0
You cannot install RDS CALs automatically by using Windows PowerShell in Windows Server 2008 R2

Consider the following scenario:

• You install the Remote Desktop Licensing (RD Licensing) role service on a computer that is running Windows Server 2008 R2.
• You install hotfix package 2618115 on the computer.
• You try to install Remote Desktop Services client access licenses (RDS CALs) automatically by using Windows PowerShell.
• You select Telephone or Web Browser as the connection method.
• The RD Licensing server does not have an active Internet connection.

In this scenario, you cannot install RDS CALs and you receive the following message:

Access to the object at RDS:\LicenseServer\LicenseKeyPacks\LicenseKeyPack is denied for the cmdlet New-Item. A license key pack could not be created because the input was not valid or permissions were insufficient.

At line:1 char:9

+ New-Item <<<< -path RDS:\LicenseServer\LicenseKeyPacks -ConnectionMethod PW

+ CategoryInfo : PermissionDenied: (:) [New-Item], AccessViolationException + FullyQualifiedErrorId : PermissionDenied,Microsoft.PowerShell.Commands.NewItemCommand

 

Cause
This issue occurs because the RD Licensing server unnecessarily checks whether it is authenticated or not. This behavior requires Internet access. Therefore, the authentication check fails if the RD Licensing server does not have an active Internet connection.

 

Source and hotfix: http://support.microsoft.com/kb/2648662/en-us?sd=rss&spid=14134

 

Using Powershell to install and configure RDS in 2008 R2

I came accros this great series of blog posts on TechNet by Microsoft Consultant Manoj Nair. It explains automating the installation and configuration of Remote Desktop Services in great detail with lots of examples.

Check the links below for particular subjects.


Introduction
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-introduction.aspx

Part I : Installing Remote Desktop Role Services
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-part-i-installing-remote-desktop-role-services.aspx

Part II : Configuring Remote Desktop Session Host Server using RDS Provider for PowerShell
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-part-ii-configuring-remote-desktop-session-host-server-using-rds-provider-for-powershell.aspx

Part III : Configuring Remote Desktop Connection Broker using PowerShell
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-part-iii-configuring-remote-desktop-connection-broker-using-powershell.aspx

Part IV : Configuring a RDS Farm using PowerShell
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-part-iv-configuring-a-rds-farm-using-powershell.aspx

Part V : Configuring a RD Gateway using PowerShell
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-part-v-configuring-a-rd-gateway-using-powershell.aspx

Part VI : Network Load Balancing RDS Farm Members using PowerShell
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-part-vi-network-load-balancing-rds-farm-members-using-powershell.aspx

Part VII : Using Best Practice Analyzer PowerShell Module of Remote Desktop Services
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-part-vii-using-best-practice-analyzer-powershell-module-of-remote-desktop-services.aspx

Part VIII : Next Steps
http://blogs.technet.com/b/manojnair/archive/2011/12/02/rds-powershell-tfm-part-viii-next-steps.aspx

Cannot activate an RD Licensing server by using Windows PowerShell in Windows Server 2008 R2

Apparently, when you try to activate a RD license server or install Remote Desktop Services client access licenses (RDS CALs) automatically by using Windows PowerShell you can receive an error caused by the fact that the logic in the PowerShell command, to process the input string, is incorrect. Microsoft released a hotfix for this issue. For details see below.

Article ID: 2618115

Last Review: October 12, 2011
Revision: 1.0
You cannot activate an RD Licensing server or install RDS CALs automatically by using Windows PowerShell in Windows Server 2008 R2

Consider the following scenario:You install the Remote Desktop Licensing (RD Licensing) role service on a computer that is running Windows Server 2008 R2.
You try to activate the license server or install Remote Desktop Services client access licenses (RDS CALs) automatically by using Windows PowerShell.
You select Telephone or Web Browser in the Connection method list.

In this scenario, you cannot activate the RD Licensing server or install RD CALs. Additionally, you receive the following error message:

Set-Item : Cannot bind parameter 'LSID'. Cannot validate argument "<string>". Error: ""
At line:1 char:9
+ Set-Item <<<< .\ActivationStatus -Value 1 -ConnectionMethod PW
+ CategoryInfo : InvalidData: (RDS:\LicenseServer\ActivationStatus:String) [Set-Item], ParameterBindingException
+ FullyQualifiedErrorId : ArgumentError,Microsoft.PowerShell.Commands.SetItemCommand

Source: http://support.microsoft.com/kb/2618115/en-us?sd=rss&spid=14134