Show Citrix Studio administrators

Recurses AD groups found to show all user accounts with any access to Citrix Studio._x000A_Needs to be run using an account that has at least read-only Studio access._x000A_Use it to see exactly which users have access and what level._x000A_Arguments:_x000A_ User Name to Query – an optional username or regular expression to restrict the display to_x000A__x000A_If a name is specified as a parameter then only that account is reported on

Version: 1.6.11
Created: 2018-10-24T16:18:57.733
Modified: 2018-11-26T15:48:10.387
Creator: Guy Leech
Downloads: 37
Tags:
The Script Copy Script Copied to clipboard

#requires -version 3.0

<# Retrieve all user accounts which have Citrix Studio admin access Guy Leech Modification History: 31/10/18 GRL Add unidentified accounts to the output #>

[string]$userName = $null
if( $args.Count -and $args[0] )
{
$userName = $args[0]
}

[int]$outputWidth = 400
[hashtable]$global:groups = @{}

Function Get-GroupMembers( $admin , $group )
{
$group.psbase.invoke(‘members’) | ForEach-Object

    {
        $adspath = $_.GetType().InvokeMember( 'ADSPath' ,  'GetProperty',  $null,  $_, $null)
        $class = $_.GetType().InvokeMember( 'Class' ,  'GetProperty',  $null,  $_, $null)

        if( $class -eq 'group' )
        {
            try
            {
                $groups.Add( $adspath , $global:groups )
                Get-GroupMembers -group ([ADSI]"$adspath,$class") -admin $admin
            }
            catch
            {
                Write-Warning "Group $adspath is nested recursively"
            }
        }
        elseif( $class -eq 'user' )
        {
            $accountbits = $adspath -split '/'
            Get-UserProperties -name "$($accountbits[-2])$($accountbits[-1])" -user ([ADSI]"$adspath,$class") -viaGroup $group.Name.Value -admin $admin
        }
    }
}

Function Get-UserProperties( $name , $admin , $user , $viaGroup )
{
    $lastLogin = if( $user )
    {
        try
        {
            [math]::round( (New-TimeSpan -End ([datetime]::Now)  -Start $user.LastLogin.Value).TotalDays , 1 )
        }
        catch
        {
            'Never'
        }
    }
    else
    {
        '?'
    }

    [pscustomobject][ordered]@{
        'Name' = $name
        'Full Name' = $user.FullName.Value
        'Admin Group' = $viaGroup
        'Admin Enabled' = if( $admin.Enabled ) { 'Yes' } else { 'No' }
        'Rights' = $admin.Rights -join ','
        ##'Description' = $user.Description.Value
        'Last AD Login (days)' = $lastLogin
        ##'Password Last Changed' = (Get-Date).AddSeconds( -($user.PasswordAge.Value) )
        'Password Expired' = if( $user) { if( $user.PasswordExpired )  { 'Yes' } else { 'No' } } else { '?' }
        'Account Disabled' = if( $user) { if( ( $user.UserFlags.Value -band 0x02 ) )  { 'Yes' } else { 'No' }} else { '?' }
        'Account Locked' =   if( $user) { if( ( $user.UserFlags.Value -band 0x10 ) ) { 'Yes' } else { 'No' }} else { '?' }
        ##'Bad Passwords' = $user.BadPasswordAttempts.Value
    }
}

Add-PSSnapin 'Citrix.DelegatedAdmin.Admin.*' -ErrorAction Stop

## can't search at this level for account as will only work if assigned at the to level, not via a group
[array]$admins = @( Get-AdminAdministrator -ErrorAction Stop )

$results = @( ForEach( $admin in $admins )
{
    $user = $null
    $group = $null

    [string]$domain,[string]$account = $admin.Name -split '\'
   
    $group = [ADSI]"WinNT://$domain/$account,group"
    if( ! $group -or ! $group.PSObject.properties[ 'Path' ] )
    {
        $group = $null
        $user = [ADSI]"WinNT://$domain/$account,user"
    }

    if( $group )
    {
        Get-GroupMembers -admin $admin -group $group
    }
    elseif( $user -and $user.PSObject.properties[ 'Path' ]  )
    {
        Get-UserProperties -admin $admin -user $user -name $admin.Name
    }
    else
    {
        Write-Warning "Unable to find account entity

“$($admin.Name)

""
        Get-UserProperties -admin $admin -user $null -name $admin.Name
    }
}) | Where-Object { $_.Name -match $userName }

# Altering the size of the PS Buffer
$PSWindow = (Get-Host).UI.RawUI
$WideDimensions = $PSWindow.BufferSize
$WideDimensions.Width = $outputWidth
$PSWindow.BufferSize = $WideDimensions

[string]$summary = "Got $($results.count) individual admins from $($admins.Count) entries"
if( ! [string]::IsNullOrEmpty( $userName ) )
{
    $summary += " matching

“$username`””
}

$summary
$results | Sort ‘Rights’ | Format-Table -AutoSize

START YOUR TRIAL

Get Your Download Link

Gain access to ControlUp from your PC. Register and get a link to start your Free Trial.