Citrix XenApp 6.5 and PowerShell
Cool! Citrix has PowerShell. First thing I did was run a request to update all the group memberships from a confusing array of what looks like an organic process whereby users and groups are used with abandon to ACL Citrix applications.
So what I did was list out all the applications and then, using Quest AD tools, create groups called "XenApp - " + <application name>. This worked great!
I couldn't get the remoting to work - we don't have a PKI here?!?! So this is a two-stage process: output the applications to a CSV and then import to create the groups.
Next I populated each application with these groups. Nothing worked. I first thought that the error - Cannot find group - meant that replication hadn't happened. So I waited. This was not the case.
It seems that Quest AD tools do not create the pre-Windows 2000 name for the group. This is what Citrix uses to ensure that the group exists before it will assign this to an application.
I could not find a way around this. I tried setting the SAMAccountName, which looks like it should work, but this fails (for me).
Anyways I bit the manual bullet and put the names in by hand. Ergh!
Then everything worked fine.
I had a script to get all my apps. One more to create the groups called the app names - I stuck "XenApp - " on the front of the group names and a final script to assign those groups back to the applications.
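For what it is worth, here is my PowerShell:
Citrix one liner:
# Write one application display name per line to the file the next stage reads
Get-XAApplication | Select-Object -ExpandProperty DisplayName | Set-Content C:\Scripts\applications.csv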
Quest stuff:
# add Quest AD Snap In
Add-PSSnapin Quest.activeroles.admanagement -ErrorAction SilentlyContinue
# Read in application list
$grouplist = Get-Content C:\Scripts\applications.csv
$ou = Get-QADObject("OU=CITRIX,OU=GROUPS,DC=DOMAIN,DC=COM")
# Now make a group for each Application
foreach($group in $grouplist){
    # Get the Name of the group
    $name = "XenApp - " + $group
    $iName = $name.Replace(" ","_")
    $iName
    New-QADGroup -ParentContainer $OU -Name $name -DisplayName $name -GroupType Security -GroupScope Global -SamAccountName $iName
}
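Citrix stuff again:
# Get the list of all the applications
$applist = Get-XAApplication
foreach($app in $applist){
    # Citrix looks the group up by its pre-Windows 2000 name (sAMAccountName),
    # so build the account from the same underscore form set when the group was created
    $account = "DOMAIN\" + ("XenApp - " + $app.DisplayName).Replace(" ","_")
    Add-XAAccount -BrowserName $app.DisplayName -Accounts $account
}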
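A pre-flight check for the "Cannot find group" failure described above, as an added example that is not the author's code: it derives each group's pre-Windows 2000 name the same way the group-creation script does, flags application names that collide after normalization, and can confirm the group exists before anything is assigned to an application. The function names and sample application names are assumptions; the directory lookup uses the built-in [adsisearcher] accelerator and is off by default.

```powershell
# Added example. "XenApp - " and DOMAIN come from the post; function names are hypothetical.
function ConvertTo-GroupSamName {
    param([Parameter(Mandatory=$true)][string]$DisplayName)
    # Same derivation as the group-creation script: prefix, then spaces to underscores
    $sam = ("XenApp - " + $DisplayName).Replace(" ", "_")
    # Characters AD does not accept in sAMAccountName: " / \ [ ] : ; | = , + * ? < >
    $sam = $sam -replace '["/\\\[\]:;|=,+*?<>]', '_'
    $sam = $sam.TrimEnd('.')    # a trailing period is also rejected
    # Assumption: 256 is the schema length limit for a group's sAMAccountName
    if ($sam.Length -gt 256) { throw "Name too long for '$DisplayName'" }
    return $sam
}

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping, backslash first, so a name cannot change the filter
    return $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Test-GroupSamName {
    param([string]$SamName)
    # Needs a domain-joined machine; looks the group up by pre-Windows 2000 name
    $filter = "(&(objectCategory=group)(sAMAccountName=$(ConvertTo-LdapFilterValue $SamName)))"
    $searcher = [adsisearcher]$filter
    return ($null -ne $searcher.FindOne())
}

# Constructed sample names; on the farm use the DisplayName values from Get-XAApplication
$apps = 'Notepad', 'SAP GUI (Prod)', 'SAP GUI [Prod]', 'SAP GUI <Prod>'
$checkDirectory = $false    # set to $true to query Active Directory
$seen = @{}                 # hashtable keys are case-insensitive, like sAMAccountName

foreach ($app in $apps) {
    $sam = ConvertTo-GroupSamName $app
    if ($seen.ContainsKey($sam)) {
        Write-Warning "'$app' and '$($seen[$sam])' both map to $sam"
        continue
    }
    $seen[$sam] = $app
    $found = $null
    if ($checkDirectory) { $found = Test-GroupSamName $sam }
    New-Object PSObject -Property @{ App = $app; Account = "DOMAIN\$sam"; InDirectory = $found }
}
```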