ActiveDirectory User RemoteControl tab details?

StackOverflow https://stackoverflow.com/questions/17366080

Question

I'm trying to figure out how to get some active directory details specifically from the "Remote Control" tab from a users properties.

Remote Control tab Screenshot

I'm able to find other details by using code similar to the following:

            //modify this line to include your domain name
            string path = string.Format("LDAP://{0}", domain);

            //init a directory entry
            DirectoryEntry dEntry = new DirectoryEntry(path);

            //init a directory searcher
            DirectorySearcher directorySearcher = new DirectorySearcher(dEntry);

            directorySearcher.PropertiesToLoad.Add("samAccountName");
            directorySearcher.PropertiesToLoad.Add("displayName");
            directorySearcher.PropertiesToLoad.Add("cn");
            directorySearcher.PropertiesToLoad.Add("distinguishedName");

            directorySearcher.PropertiesToLoad.Add("objectCategory");
            directorySearcher.PropertiesToLoad.Add("objectSID");
            directorySearcher.PropertiesToLoad.Add("objectGUID");

            directorySearcher.PropertiesToLoad.Add("manager");

            directorySearcher.Filter = "(&(objectClass=user))";

            //perform search on active directory
            searchResults = directorySearcher.FindAll();

            //loop through results of search
            Parallel.ForEach<SearchResult>(searchResults.Cast<SearchResult>().ToList(), searchResult =>
            {
                // Any processing
            });

But I haven't been able to figure out where the remote information is stored. Normally I used ADSI Edit and look for changes to the attributes as I modify them, but I haven't noticed anything changing. Could anyone point me in the correct direction?

I should mention that my domain function level and forest function level are both 2003.

Was it helpful?

Solution

In Windows Server 2008 (and R2), the Terminal Services Terminal Server Runtime Interface takes the user parameters from the user Active-Directory attribute called userParameters. As explain in Microsoft documentation userParameter contains Terminal Server parameter as blob (have a look to USERCONFIG structure).

Edited : This is exactly the same on W2K3 R2.

Here is the way to find the difference in the attributes when you check or uncheck something. I use LDIFDE.EXE tool.

ldifde -f c:\temp\ph1.ldf -d "ou=Monou,dc=societe,dc=fr" -r "sn=hocquet"

I uncheck the enable remote control

ldifde -f c:\temp\ph2.ldf -d "ou=Monou,dc=societe,dc=fr" -r "sn=hocquet"

The comparaison between ph1.ldf and ph2.ldf gives.

InputObject                                                                   SideIndicator
-----------                                                                   -------------
whenChanged: 20130703130209.0Z                                                =>
uSNChanged: 168396                                                            =>
userParameters::                                                              =>
 ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUAQaCAFDd... =>
 dQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm44Cy44C5EggBQ3R4U2h... =>
 44Cw44Cw44Cw44CwKgIBQ3R4TWluRW5jcnlwdGlvbkxldmVs44Sw                         =>
whenChanged: 20120124083342.0Z                                                <=
uSNChanged: 163184                                                            <=
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top