Duplicating Domain Users group

Why would you need to do this? Suppose that the person that you inherited the Citrix environment from has published a large portion of the applications to Domain Users. Now you need to make a fundamental change to the user environment for only some of the users. How do you migrate groups of users w/o doubling the icons they see? I chose to first change the group to a group populated with all users. Then move users from that group to a new group for the new icons.

If you're fortunate enough to have 5000 user objects or less, this is a trivial powershell command (something like -- get-adgroupmember -Identity "Domain Users" | Add-ADGroupMember -member $_.samaccountname -Identity "NewGroup" --  full disclosure, I didn't test this command).

What I had to do was use a dsquery command to output the list to a text file.
dsquery group -samid "Domain Users" | dsget group -members | dsget user -samid > C:\Temp\ALL_Users.txt

Then loop through the list and import via powershell.
import-module activedirectory
foreach ($user in (gc c:\temp\All_Users.txt) ) { add-adgroupmember -member $user.trim() -Identity "NewGroup1" }

Best of luck! Again, this is without guarantees or warranties. You're on your own if this doesn't work or has unintended effects.

Citrix License Server / Concurrent License Check & Email

This is a script I have built to email me when the license server has issued some level of licenses determined by the variable $licensealertlevel (set at the top). I have this set as a scheduled task on the license server running a powershell script. There is no warranty or support with this code. Use at your own risk.

#############################################################
#Set license alert level
$licensealertlevel = 3500

#change path to the folder with the EXE
Set-Location -path "c:\Program Files (x86)\Citrix\Licensing\LS"

#bring in results for specific licenses you're using
$a = Invoke-Command -scriptblock { .\lmstat.exe -c "..\MyFiles\<License file>" -a | find "Users of LICENSEMODE" }
#where LICENSEMODE is the license mode you're checking for, e.g. XDT_ENT_CCS

#match numerical values
$b = ( $a | select-string "\d+" -AllMatches )

if ($b.matches[1].value -gt $licensealertlevel) {
#build body of email
$body = $b.matches[1].value + " of " + $b.matches[0].value + " licenses are currently used"

#use quick powershell to send email
send-mailmessage -to "email" -from "email" -subject "!!!ALERT!!! Licenses Used" -body $body -SmtpServer smtpserver
}
#############################################################

You may need to use some of the info at the following link to figure out what your license mode should be. http://support.citrix.com/proddocs/topic/licensing-1110/lic-admin-cmds-status-r.html

Rebuilding a Desktop Delivery Controller

After a windows update, a desktop delivery controller was BSOD. After other resources rebuilt the server and reintroducing the server back to the XenDesktop 5.6 farm, it didn't work fully as you expect. The broker service wasn't starting and things weren't quite right. So rebuilding the server is what needs to be done.

The high-level planned steps are below:

1. Backup XenDesktop farm database
2. Run evict script http://support.citrix.com/article/CTX134486
3. Turn over server for Wintel rebuild
4. Install DDC software

I'll update with results.

Application virtualization: any good training classes?

I was recently tasked with finding a training class for the technology group I work within regarding application virtualization. After some quick looking, I found Timothy Mangan's site (http://www.tmurgent.com/appv/). I thought to myself, "Is this really the only training resource that the tech industry has produced? This can't be, as the technology has been around for 5+ years now." However,  further searching has produced limited results. I'm in contact with our vendors to see if there is product-specific training they can offer.

There seems to be a generally accepted basic methodology, seen on resources like http://www.itninja.com/software, but has no one advanced that to the IT community via training? Does anyone else have any leads on a training class both for basic and advanced application packaging?

Changing permissions on several folders

Today's tweet reminded me of a large issue I tackled last year working with folder permissions which were improperly setup. There were over 3000 user profile folders with the User group with inherited read.

Basically, I tackled it as such:
1. Run ICACLS to remove inheritance on the folders and setup proper permissions.
2. Remove undesirable permissions on the root folder via the NAS command-line, setting up proper permissions for newly created folders.

This worked really well, and I was able to multi-thread several scripts running on different groups of user folders. It took a few days, but we got the errant folder settings corrected, without service interruption.

Great blog post

Not a huge fan of just linking to other articles with not much added. However, this is a great contribution discussing what may or may not be best practice. http://blogs.citrix.com/2014/01/02/new-citrix-best-practices/

XenDesktop 7, XenApp edition is missing XenApp 6.5 features

Turns out there are XenApp 6.5 features that are not available in XenDesktop 7, XenApp edition. Make sure your environment isn't dependent on some of these features. http://www.shaunritchie.co.uk/xenapp-6-5-vs-xendesktop-7-app-edition for a great table describing the differences.