I am using dirsync to get the attributes value that have changed in Active Directory(changelog).
The following link explains how the dirsync is used to get attribute values :
'http://blogs.technet.com/b/isrpfeplat/archive/2010/09/20/using-the-dirsync-control.aspx'
I am changing the attribute Local path under Remote Desktop Services Profile of a user. I have ran a client which uses dirsync to get the changed objects in AD.
In the client the attribute that is changed is userParameters
and the value is in encrypted form.
CtxCfgPresent P☺CtxCfgPresent???? ☻☺CtxWFProfi
lePath?↑→☺CtxWFHomeDir?????????????"☻☺CtxWFHomeDirDrive?☺CtxShadow????☺CtxMaxDis
connectionTime????☺CtxMaxConnectionTime????☺CtxMaxIdleTime???? ☻☺CtxWorkDirector
y?☺CtxCfgFlags1????"☻☺CtxInitialProgram?
Is there a way to get the actual value form the userParameters.
Method 1: Parse yourself :)
Structure of the info is described in the [MS-TSTS] spec:
http://msdn.microsoft.com/en-us/library/ff635189.aspx
Method 2: IADsTSUserEx interface
For example, in C#:
DirectoryEntry userEntry = new DirectoryEntry("LDAP://domain.com/CN=user1,CN=Users,DC=domain,DC=com", "user", "pwd")
IADsTSUserEx tsUser = userEntry.NativeObject as IADsTSUserEx;
Definition of IADsTSUserEx is something like this:
(I only need to read the info in my project, so only have the getter but no setter)
[
ComImport,
InterfaceType(ComInterfaceType.InterfaceIsIDispatch),
Guid("C4930E79-2989-4462-8A60-2FCF2F2955EF")
]
private interface IADsTSUserEx
{
string TerminalServicesProfilePath { get;}
string TerminalServicesHomeDirectory { get;}
string TerminalServicesHomeDrive { get;}
bool AllowLogon { get;}
long EnableRemoteControl { get;}
long MaxDisconnectionTime { get;}
long MaxConnectionTime { get;}
long MaxIdleTime { get;}
int ReconnectionAction { get;}
int BrokenConnectionAction { get;}
bool ConnectClientDrivesAtLogon { get;}
bool ConnectClientPrintersAtLogon { get;}
bool DefaultToMainPrinter { get;}
string TerminalServicesWorkDirectory { get;}
string TerminalServicesInitialProgram { get;}
}
You may also use other scripting language, which will be simpler than C#.
vbscript:
http://www.wisesoft.co.uk/scripts/vbscript_read-write_terminal_services_settings.aspx
PowerShell:
http://blogs.technet.com/b/heyscriptingguy/archive/2008/10/23/how-can-i-edit-terminal-server-profiles-for-users-in-active-directory.aspx