AD User Recon of Terminal Services Profile Attributes

Similar Messages

• How to change path of Users Terminal Services Profile for multiple AD users on server 2003?

  Hello experts. I am working on a file server migration. All data has been migrated, I am currently working on redirecting users to the new file server. I
  am able to select multiple users at once in ADUC -> right-click -> properties -> profile and here I can change the home folder and roaming profile path for each all users to point towards the new file server. 
  The issue I have run in to is that we have roaming profiles for terminal services users. So, there are hundreds of users that have their terminal services profile
  configured in AD -> Right-click user (one at a time) -> properties -> terminal services profile. Here, the profile path is configured for each user as \\OLDserver\Profiles\%username%
  and I need to change it to \\NEWserver\profiles\%username%. 
  I know that you can configure this path via group policy, I set up a GPO; Computer / Administrative Templates / Windows Components / Terminal Services / “Set Path
  for TS Roaming Profiles” as \\NEWserver\profiles and applied this GPO to an OU containing the TS servers.
  The problem is, the GPO is not working... When I log in to the TS and add a document to My Documents, it is still saving under \\OLDserver\profiles\Username.
  So, the settings in AD are trumping the GPO I believe. What is the best way to accomplish my goal? Thanks in advance!

  > to change it to \\NEWserver\profiles\%username%.
  That is "profile" in opposite to...
  > add a document to My Documents, it is still saving under
  > \\OLDserver\profiles\Username.
  ...this one which is Folder Redirection and has NOTHING to do with
  server based profiles.
  > So, the settings in AD are trumping the GPO I believe.
  No, it isn't. When you do not enable FR and you access "Documents", you
  will never see an UNC path but the local c:\users\xyz\documents folder.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Getting Terminal Service Profile Path

  We are provisioining users to the Active Directory. However, using Xpress/Java, how can the AD's Terminal Services Profile Path can be retrieved by IDM. Basically, i would like to retrieve this information before the the account is deprovisioned.
  Edited by: user6420881 on 3/10/2010 23:45

  I dont see much hope with Java/Xpress to set the Terminal Services group of attributes.
  There is no LDAP attribute named 'Terminal Services Profile Path' which is the problem. All these Terminal Services "attributes" are bundled up as a set of User Parameters. I think MS had to do this for historical reasons with NT4.
  Unless the AD Gateway service has support for Terminal Services builtin (check the documentation) the only way I can see to set these is by Using Powershell or some MS script based solution called as an After Update or After create action. But that's setting only IDM -> AD.
  Reading these strings back to IDM is hard.. maybe a Powershell script can decode the TS blob and store the strings in CustomAttributes ???
  I know this TS stuff is a pain.

• OIM: Terminal Services Profile Path

  Hi,
  I am using OIM and AD with the OOTB AD connector.
  I have made a pre-populate adapter that generates a Terminal Services Profile Path for a user. I would like the path to be added to users when they are created.
  I have added an entry in the the AD User Form, pre-populate tab. Field name: Terminal Profile Path. Adapter: My generate Terminal Services Profile Path adapter.
  Unfortunately, the Terminal Profile Path field is not pre-populated in the process form.
  I have also tried to add a process task triggered by the create user task, and made my adapter a Process Task Adapter. This did not work either.
  Just to test it, since there is no column for Terminal Services in the usr table, I created a Terminal Services Profile Path UDF. When I fill in the path in the UDF manually, the Terminal Profile Path field is not pre-populated in the process form.
  I have made pre-populate adapters for other UDFs and had no troubles with that. Does anyone know if there is something special about this Terminal Services Profile Path field?
  Thanks!!

  Thanks Rajiv,
  When I use a process task, the task is invoked, and I get:
  Status: Rejected
  Response: 62: Unknown response received.
  But I thought I didn't really need to use a process task, and that it would be sufficient with a pre-populate adapter mapped to the right field. But it seems like I'm not using the field in the correct way...?
  Thanks!

• Delete Terminal Services profile from custom directory

  We have Terminal Servers running Windows Server 2003. 
  We have TS Profile Path set to D:\TSProfilesXXX1 using Group Policy.
  Now, we are planning to delete all the old TS profiles from C:\Documents and Settings and D:\TSProfilesXXX1 folders.
  Found Utility DELPROF from Microsoft, however, it works for C:\Documents and Settings by default and does not seem to be working for D:\TSProfilesXXX1.
  Any Help here ???
  MCSE Certified

  Hi,
  Thank you for your posting in Windows Server Forum.
  For your issue, you can delete the cached copy of roaming profile by GPO setting. Please check the GPO setting “Computer Configuration | Administrative Templates | System | User Profiles
  | Delete cached copies of roaming profiles.”
  More information.
  User Profiles
  To manually remove you can also use registry setting. If you’re connecting to a remote computer and not cleaning up a local registry, click on Registry in the File menu and select Connect To Network Registry. Enter the name of the computer you deleted profiles
  from and browse down in the registry to these two locations:
  •HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\
  •HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\
  Detail information.
  Clean up Terminal Services profiles with DELPROF
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Field explorer does not open on my terminal services profile

  Dear Sirs,
  For some reason I am unable to open my field explorer in any crystal report on my terminal services profile. I have checked with other profiles and the problem does not exist. The problem is specific to my profile. I can also create new reports and access fields however if I use the filed explorer button I cannot access fields, parameters or formulas from there. Problem just started this morning. We have been using crystal reports X1 for last 12 months. Would it be a terminal server issue?
  I would appreciate whatever help you can give me.
  Regards,
  Philip Brady
  Finance Director
  National Electrical Wholesalers (Irl) Ltd

  Hi Philip
  This can be an issue with the terminal server that you are using. Please refer to the Crystal Reports XI supported platforms guide if the server that you are using is supported or not.
  You can download the guide from the below link:
  [download CR XI supported platforms guide|http://www.2shared.com/file/4065156/f2ef25e1/cr_xi_supported_platforms.html]
  Hope this helps!!
  Regards
  Sourashree

• AD user account Remote Desktop Services Profile tab

  I have a template I created for a RDS environment.  I'm using the AD account properties to map the Home directory.
  If I set the home folder on the "Profile" tab and copy the template to a new user, it works just fine.  If I change the template to connect the Home folder from the Remote Desktop Service Profile tab it works for the template...but when I
  copy that template to a new user the home folder attribute does not copy.
  Anyone know why?  Or perhaps of a trick to get this to work?
  I've gone as far to set the msTSHomeDrive and msTSHomeDirectory attributes "Attribute is copied when duplicating a user" but doesn't appear to work.  I dont' see an updated "RDS" type attribute that stands out on this 2012 DC.

  Hi,
  Please go through below article might helpful in your case.
  How to read msTSProfilePath, msTSHomeDrive and msTSHomeDirectory properties from AD (VB.NET)
  http://blogs.msdn.com/b/alejacma/archive/2010/10/13/how-to-read-mstsprofilepath-mstshomedrive-and-mstshomedirectory-properties-from-ad-vb-net.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Problem Launching BPC for Excel in Terminal Services/Citrix Environment

  Hello.
  We are having an issue launching BPC in our terminal services/citrix environment. This is not the main way that users will be accessing BPC, but we plan to have it available for off-hours/off-site use.
  Here are details on our environment.
  1) BPC version: 5.0.502 (5.1, SP3, patch 4)
  2) Env: 1 web/app server, 1 database server
  3) SQL Server 2005 Enterprise Edition, SP2
  4) Problem occurs sporadically for any user.
  In some instances, launching BPC for Excel does not bring up the connection wizard, instead, an error message displays saying "Object Variable is not set". We then logoff, delete the terminal services profile, and logon again, forcing the creation of a new terminal services profile, and BPC for Excel will launch the connection wizard as expected. So it seems that the terminal services profile sometimes gets corrupted. Does someone know which Windows registry key would cause this situation so we can determine the root problem? Deleting the profile is not a practical permanent solution. This is only an issue in terminal services/citrix, no other environment.
  I opened this with support, but they said it's my problem. I'd appreciate any ideas to solve this. Thanks, Nancy

  Hello,
  I have exactly the same problem too (Citrix / BPC 7.0M SP6 Client).
  Do you have a solution regarding this issue ?
  Thanks in advance.

• Error Creating New User Accounts when Setting Terminal Services Attribute

  We have just started receiving this error when new users are being created in our domain as part of the new hire process. Does anywhere have any pointers on where to look and what to look for?
  ErrorError
  com.waveset.util.WavesetException: WTSQueryUserConfig() failed - Attribute: 'Terminal Services Home Directory Drive' Error: The specified user does not exist.
  Is this something that would indicate that AD isn't replicating across multiple domain servers yet, and thus when it tries to set this attibute this command isn't finding the account? If that is the case is there a way to have a retry put in?

  May I ask what version of IDM you're running?
  There's a known bug that relates to this functionality. A quick review shows it's a pretty close match (not 100%) to what you described.
  Bug 20728: Setting AD 'Terminal Services Local Home Directory' to null in IdM results in WTSSetUserConfig error
  It's fixed in 8.1.0.3(or later), 8.0.0.10(or later), or 7.1.1.14(or later).
  For the record, the latest IDM patches can be obtained here with valid credentials:
  http://sunsolve.sun.com/show.do?target=patches/zp-Software_Network-Internet_Identity_Manager
  Regards,
  Alex

• Reading AD Terminal Services attribute

  Hi,
  I am trying to read user profile from AD using JNDI code.Using the code I am able to read all the attributes except the terminal services attribute like TerminalServicesProfilePath. Can anyone tell me is it possible to read the value of these attributes using JNDI, if pssoible then how can we do this. Also if there is any othe way to acheive this.
  TIA

  If I remember correctly, there are no specific Terminal Services attributes that you can easily gain access to in Active Directory. Rather the terminal services user settings are stored in a binary blob of data stored in the userParameters attributes. (FYI, Historically this was to provide backwards compatibility for NT4 where Terminal Services, Remote Acess Services, Services for Netware and third party solutions (such as Lotus Notes) stored user settings in a NT4 domain property called userParams)
  You may be able to access each Terminal Services setting in the binary blob either via a set of Terminal Services COM interfaces or from what I have read from a set of Windows Management Instrumenation (WMI) interfaces. Here is a useful link for you. http://blogs.technet.com/heyscriptingguy/archive/2008/10/23/how-can-i-edit-terminal-server-profiles-for-users-in-active-directory.aspx
  BTW, You can access WMI which is the Microsoft implementation of Web Based Enterprise Management (WBEM) via Java. There is some crude sample code at http://forums.sun.com/thread.jspa?threadID=5116320

• How to ge the value for attribute for terminal services attribute in Active Directory from userParameters attribute

  I am using dirsync to get  the attributes value that have changed in Active Directory(changelog).
  The following link explains how the dirsync is used to get attribute values :
  'http://blogs.technet.com/b/isrpfeplat/archive/2010/09/20/using-the-dirsync-control.aspx'
  I am changing the attribute Local path under Remote Desktop Services Profile of a user. I have ran a client which uses dirsync to get the changed objects in AD.
  In the client the attribute that is changed is `userParameters` and the value is in encrypted form. 
      CtxCfgPresent                                   P☺CtxCfgPresent???? ☻☺CtxWFProfi
      lePath?↑→☺CtxWFHomeDir?????????????"☻☺CtxWFHomeDirDrive?☺CtxShadow????☺CtxMaxDis
      connectionTime????☺CtxMaxConnectionTime????☺CtxMaxIdleTime???? ☻☺CtxWorkDirector
      y?☺CtxCfgFlags1????"☻☺CtxInitialProgram?
  Is there a way to get  the actual value form the userParameters.

  Hi,
  What about other changed attributes? Are other attributes retrieved by DirSync control turn to be encrypted form?
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• RDS terminal services users automatic logsoff

  Please help or advice ; when trying to logon on RDS terminal Services on windows server
  2008 r2 it automatically logsoff, it shows  welcome,applying user settings, preparing desktop and logoff.

  On AD environment Tab everything is the same as any other users that are working ok. here is the log
  Log Name:      Application
  Source:        Microsoft-Windows-User Profiles Service
  Date:          2014/09/16 10:12:41 AM
  Event ID:      1542
  Task Category: None
  Level:         Error
  Keywords:     
  User:          SYSTEM
  Computer:      TS.QUO.co.za
  Description:
  Windows cannot load classes registry file.
   DETAIL - The system cannot find the file specified.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
      <EventID>1542</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2014-09-16T08:12:41.331620700Z" />
      <EventRecordID>676052</EventRecordID>
      <Correlation />
      <Execution ProcessID="848" ThreadID="15188" />
      <Channel>Application</Channel>
      <Computer>TS.QUO.co.za</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data Name="Error">The system cannot find the file specified.
  </Data>
    </EventData>
  </Event>

• User profile attributes

  Hi,
  In WC Spaces, how can I change the labels for default user profile? ex) "Postal code" to "Zip code"
  Thank you.

  Many user's will see domain\useraccount after they visit their personal site. And here is what I did:
  1, configured the user profile sync service
  2, start the user profile sync manually several times in my test environment and production env.
  3, I checked the 2 environments, both update succeded, the "User Profile" for each user and the display name is synced from AD .
  4, In my test env, I found the user's display name is fixed to the correct one, but in prod env, the name still showed as domain\useraccount.
  5, I compared the data between test and prod env, and found the only difference is in the "My Settings". in my test env, the display name is correct and and the last updated time is 3:00PM TODAY, in my prod env, the display name is "domain\account" and the
  last updated time is a time a couple days back. 
  6, Possible reason: Maybe the sync just update the display name in "USER PROFILE", but the update in "MY SETTINGS" will be a later job triggered by some other sharepoint services?
  7, I tried anothe sync on my prod env and wait till another clock, and now the prod env is all corrected! the display name in "MY SETTINGS" are updated and the last updated time is 4:00PM TODAY.
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/1a2404c8-9fb6-47f8-8021-1149fc2b09e3/user-profile-attributes-not-updated-after-syncshows-in-central-admin-but-not-my-settings?forum=sharepointadminprevious
  Or
  Try to use Sync tool to troubleshoot
  http://blog.kappasolutions.ca/blog/post/2010/10/03/Add-New-Active-Directory-Attributes-to-SharePoint-User-Profiles.aspx
  http://blogs.msdn.com/b/tehnoonr/archive/2010/11/22/mapping-user-profile-properties-in-sharepoint-2010-to-ldap-attributes.aspx

• Reconcile AD Terminal Services attributes

  Hi,
  I am using AD connector 9.1.1 and wnat to reconcile Terminal Services attributes for a AD user but I do not want to use the remote manager.
  Can anyone tell me is there any way by which we can reconcile these attributes without using Remote Manager
  TIA

  OK, these are Microsoft names, their LDAP names don't have dashes. These attributes were added to AD schema in Windows Server 2003 but only exposed via LDAP in Windows 2008. See http://msdn.microsoft.com/en-us/library/ms675090%28VS.85%29.aspx for full list. To make them visible, you need to delegate control over these attributes to right user accounts or groups/OUs (via AD Users and Computers or by scripting).
  Native Microsoft scripting tools use ADSI to manage these attributes (starting with Server 2003) and ADSI driver uses LDAP syntax but it's not the same thing as pure LDAP.
  Before 2008, userParameters was used to store terminal services info. Actually, I dont know what 2008 does with these new attributes and how it works with userParameters, it's not documented well.

• Accessing Terminal Services Attributes from Active Directory LDAP property userParameters

  After many years of complaints, Microsoft has done little to address the overwhelming outcry for information on the accessing the Terminal Services properties through LDAP.
  I found this document that fully describes the Encode/Decode mechanism for the userParameters attribute.
  https://msdn.microsoft.com/en-us/library/ff635189.aspx
  The property is used for more than terminal services, but even Microsoft is confused about it's use it would seem.  I won't go into details, but for all those trying to access the terminal services attributes, this document should help.
  I have not yet converted the mapping into a JAVA module, so please don't ask for help.  I just need a more public place to put this, than the currently buried location at microsoft, to make for easier retrieval from the web community of java developers.

  Hi,
  What about other changed attributes? Are other attributes retrieved by DirSync control turn to be encrypted form?
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]