Wouldn’t it be nice to find the last user that logged on to a computer and automatically remote in to that computer? To be able to simply type a user’s first name and instantly see their machine? By embedding a script within our Active Directory Users and Computers console, we can easily do this! But first, read Part 1 of this guide before continuing.
The first thing you will need is some type of remote desktop tool. Personally, I use Netsupport. Other products, such as a VNC client, GenControl, or even Remote Assistance, will work great. Next, you will want to create a custom MMC for Active Directory Users and Computers. We will cover those steps in just minute. To give you an idea of how much time you will save, take a look at the picture to the left. This menu is always visible when I am using Active Directory Users and Computer. By clicking on the second to last button (User: NSM into Logged in Computer), I can simply type the name of a user and instantly remote into their computer!
Create the Custom MMC
By customizing a MMC with Active Directory Users and Computers, you will gain several seldom used features. The two biggest are Favorites and TaskPads. Favorites allow quick access and is very useful if your organization has a lot of OUs. TaskPads allow you to add extra features to Active Directory Users and Computers through scripts. Here are the short steps to create the MMC:
- Launch MMC and load the Active Directory Users and Computer Snapin.
- Expand the Snapin until you can left click on an OU.
- Select Action and then New Taskpad View
- Continue through the wizard until it ends.
If needed, a very detailed guide on creating a custom MMC can be found here. When the first wizard closed, it should have opened the New Task wizard. Leave this screen up for a few minutes as we take a look at our remote control script.
The script below makes use of the Quest AD cmdlets for PowerShell.
Add-PSSnapin Quest.ActiveRoles.ADManagement $PROGRAM = “mstsc.exe” $User= read-host “What is the firstname,lastname, or Username of the user?” $Computer = Get-QADComputer -ManagedBy (Get-QADUser $User) Write-Host “name:” $Computer If (($Computer | Measure-Object).Count -gt 1){ $Computer | Select Name,ManagedBy,WhenChanged | sort Name $Computer = read-host “Type the correct Computer Name from list or press enter to exit.” & $Program /v:$Computer } Else{ Get-QADComputer -ManagedBy (Get-QADUser $User) | Select-Object Name,ManagedBy if ($Computer -ne “”){ $Computer = $Computer.Name & $Program /v:$Computer } If ($Computer -eq “”){ Write-Host “empty” exit } }
The script makes use of the built-in Remote Desktop Connection tool. You can use whatever tool you want, including Concurrent User RDP. Just change the $Program variable to your remote control application. We only have a few more steps so let’s go back to our New Task Wizard. Press Next and then select Shell Command. On the command line page, enter the following:
- Command: c:\windows\System32\WindowsPowerShell\v1.0\powershell.exe
- Parameters: -command “”&” ‘”PATHTOSCRIPT.ps1′””
Continue through the wizard by giving your new task a name and an icon. After you are completely done, be sure to save your MMC. When a user now calls, you can simply click your task and type in his name (first, last, or the actual user name). If he is only logged into a single computer, you will instantly remote in. If he is logged into multiple computers, you will be given a choice of computers (as seen in the picture below).
So, will this make your remote support easier? If so, let me know in the comments below! For me, it can easily save me a 10 minutes a day. Because I work 240 days a year, it saves me 40 hours a year! Next task – getting my boss to give me that as a vacation…
Your next task is to subscribe to DeployHappiness and get great weekly tips (plus your free guide to the Windows 8 Administrative Start Menu)!
Final Note: This guide is similar to our GPMC super search MMC. Once you start creating custom MMCs, you will be amazed at the features you can add!
I know this thread is a little old, but this is an awesome tool. The problem I ran into is that when the script runs, it returns every computer in my organization as a choice. In other words it is not grabbing the “Managed By” attribute. The “Managed By” script is being pushed out by GPO (I can see it in GPResult) and the attribute is being populated, however the remote assist script isn’t using it.
To test, I queried for a user whom I know has the Managed By attribute set, and the script still returned every computer in the network as a choice.
Any ideas?
Glad you like it Jeff!
Start by testing portions of the script, specifically this line:
Get-QADComputer -ManagedBy (Get-QADUser $User) | Select-Object Name,ManagedBy
Be sure to change $user to an actual username in the test as the $user variable won’t be set yet.
Hi Joseph,
I wasn’t able to it working based on your instruction in the article. I tweaked around and change the parameters to -command & c:\user\myprofilename\PATHTOSCRIPT.ps1 and was able to reach the point where mstsc starts but no hostname were listed, the ’empty’ word wasn’t there either. any idea how I can fix this?
Thanks!~
Does the script work when you run it just within powershell?
Thank you guys for the quick response. I was finally able to get it to work using your tips.
Hi Joseph,
I have come recently across your blog and I have to say I’m very happy I did; on the very first day I tried a couple of your tricks I was doing my happy dance. I’ve been trying to put this trick of login into a PC by using the username through the AD snap-in but I keep getting a nag. When I first run it, it gave me a red text and rapidly closed the shell; so to better know what was happening I just tried to execute the script directly in PowerShell by typing:
PS C:\Users\administrator> PATH-TO-SCRIPT.ps1
All I got was:
You must provide a value expression on the right-hand side of the “/” operator.
At PATH-TO-SCRIPT.ps1:12 char:17
+ & $Program / <<<< v:$Computer
+ CategoryInfo :ParseError: (:) [], PArseException
+ FullyQualifiedErrorId: : ExpectedValueExpression
I'm no expert but looking at the script, I realized that the error has to do with the variable $Computer; the other thing is that the script never asked me for a username as it is supposed to do on line 4.
Finally I got really confused with the many quotes on the parameters part of the task; when I tried to copy it to notepad and save it; I got an error about Unicodes characters. I'm not even sure that I put the right thing when I created the task; that can be deal with later when I get the script to at least ask me something.
Any clues as to what might be happening?
Thanks,
I am glad that I’ve been able to help you!
Do you have the Quest AD cmdlets installed on your machine?
Hi Joseph,
What a coincidence! I had two screens opened, one on this post and the other in AD and the PS script and as it turns out this morning I installed the Quest AD cmdlets and also realized that the copy/paste on the script brought with it the & secuence whenever the “&” was. After loading the script on a PS editor and cleaning up, I was able to successfully run it!
Then I refresh the post page and there was your reply; neat!
Thanks a lot!
That’s is neat! 🙂 And thank you for posting that tip!
Hi Joseph,
One more comment for the benefit of anyone coming to this post and having same trouble as I had; for the parameters field when creating the task in the AD snap-in, I simply put:
-command “& PATH-TO-SCRIPT.ps1”
Now, I understand that if there are spaces in the path to the script, one must escape those spaces, but since my path doesn’t have it, I didn’t have any problems. It might be worth to explain what the exact sequence of “” must be in order for a path with spaces to work properly.
There is one more thing; I have tested the script with different users and with many of them when the mstsc.exe launches it does so against the Terminal Server where our accounting application runs. So instead of asking me on which of the computers I want to login to, it just goes ahead and tries to login to the TS server.
Is that because is finding only one?
Thanks,
Hi Joseph,
About the script trying to connect to the TS server only; this is because for some reason the script is not assigning the value of the computer name for the user in question or when it calls the program it doesn’t pass the parameter $Computer. When I run the script in the PS editor I see that the script finds the correct name of the computer and the ManagedBy attribute, but it is not using that to connect properly. The reason it was trying to connect to the TS server is because it was the last computer I tried to connect to using mstsc.exe.
I’ll try to debug further and see what I find.
Thanks,
Hi Joseph,
I found out why it is trying to remote to the TS server; it happens only when the user has logged into just one computer. The script only works fine when the user has logged into more than one, because when this happens the variable $Computer gets assigned the value that is input via the console after choosing which one you want to remote to. When the user has logged into just one computer, the “Else” statement of the outer “If” gets executed and I don’t see where the variable $Computer gets assigned any value. I inserted a Write-Host “PC name:” $Computer right before the if ($Computer -ne “”) inside the “Else” and it displays nothing which kinda of confused me since the script should exit and execute nothing. But then I remembered that an undeclared variable will get some kind of value (nil or something), so I went ahead and added a line at the beginning like $Computer = “” and run the script again. As expected the script run, and exited without calling mstsc.exe; I also put a Write-Host statement in the last If ($Computer -eq “”) to check that the script will take this route, and it did.
The reason it was trying to connect to the TS server was that since the variable $Computer was not assigned anything, it was trying to connect to the last connected computer via RDP. I hope my explanation makes sense.
Of course, I’m worry that no one else has come across this issue, so I’m not sure if I’m executing the script properly.
Any clues?
Thanks,
Hi Joseph,
One more update; I tried adding a statement after the “Else” to assign a value to the $Computer variable this way:
$Computer = Get-QADComputer -ManagedBy (Get-QADUser $User) | Select-Object Name
and indeed it called the mstsc.exe with something different this time but not quite correct like:
@{Name=computername} where “computername” is the valid name of the computer.
So I think there is something missing on the script or I’m just wrong of course.
Thanks,
Show me your modified script and I will see what I can do.
Here is the script; it is pretty much what you have in the original article except for the two “Write-Host” at the beginning and the end I added to troubleshoot what path the script is taking. As you can see, there is only one spot in the entire script where the variable $Computer gets assigned a value: on line 8; and it only happens if the user has logged into more than one computer. If the user has logged into just one PC, then the “Else” part of the external “If” kicks in and I don’t see the variable $Computer getting any value.
Thanks,
********************************
Add-PSSnapin Quest.ActiveRoles.ADManagement
$PROGRAM = “mstsc.exe”
$User= read-host “What is the firstname,lastname, or Username of the user?”
$ComputerName = Get-QADComputer -ManagedBy (Get-QADUser $User)
Write-Host “name:” $Computer
If (($ComputerName | Measure-Object).Count -gt 1){
$ComputerName | Select Name,ManagedBy,WhenChanged
$Computer = read-host “Type the correct Computer Name from list or press enter to exit.”
if ($Computer -ne “”){
& $Program /v:$Computer
}
}
Else{
Get-QADComputer -ManagedBy (Get-QADUser $User) | Select-Object Name,ManagedBy
if ($Computer -ne “”){
& $Program /v:$Computer
}
If ($Computer -eq “”){
Write-Host “empty”
exit
}
}
Try this re-worked version:
Add-PSSnapin Quest.ActiveRoles.ADManagement
$PROGRAM = “mstsc.exe”
$User= read-host “What is the firstname,lastname, or Username of the user?”
$Computer = Get-QADComputer -ManagedBy (Get-QADUser $User)
Write-Host “name:” $Computer
If (($Computer | Measure-Object).Count -gt 1){
$Computer | Select Name,ManagedBy,WhenChanged | sort Name
$Computer = read-host “Type the correct Computer Name from list or press enter to exit.”
& $Program /v:$Computer
}
Else{
Get-QADComputer -ManagedBy (Get-QADUser $User) | Select-Object Name,ManagedBy
if ($Computer -ne “”){
$Computer = $Computer.Name
& $Program /v:$Computer
}
If ($Computer -eq “”){
Write-Host “empty”
exit
}
}
Success! It works! I also cleaned up the code a little; there is one line that was intriguing me as why it was needed. So I commented it and it does nothing but displaying some output to the screen; that is line 15 in the updated version. I noticed that you eliminated an “if” statement inside the first “If” that checked for the $Computer variable to be equal “”. I think this is needed, otherwise if the user presses Enter to exit, the code in line 11 will call the application in $Program variable with an empty $Computer parameter. So after I cleaned up all the debugging Write-Host lines, added the previously existing “if and deleted the line “Get-QADComputer -ManagedBy (Get-QADUser $User) | Select-Object Name,ManagedBy” (line 15), the code looks like this:
#############
Add-PSSnapin Quest.ActiveRoles.ADManagement
$PROGRAM = “mstsc.exe”
$User= read-host “What is the firstname,lastname, or Username of the user?”
$Computer = Get-QADComputer -ManagedBy (Get-QADUser $User)
If (($Computer | Measure-Object).Count -gt 1){
$Computer | Select Name,ManagedBy,WhenChanged
$Computer = read-host “Type the correct Computer Name from list or press enter to exit.”
if ($Computer -ne “”){
& $Program /v:$Computer
}
}
Else{
if ($Computer -ne “”){
$Computer = $Computer.Name
& $Program /v:$Computer
}
If ($Computer -eq “”){
exit
}
}
###############
Of course, that’s without the “#”. I tested it several times with different users that logged into one or more computers and it worked every time.
Now I’m ready to Deploy Happiness! 🙂
PS: I guess that the initial code was not an issue for other people because generally, users tend to log into more than one computer, so by asking the admin to choose the computer and enter it via the console, the script was executing fine.
Your does look cleaner! Go forth and deploy happiness! 🙂
thanks for this, it’s very useful to me in my environment…. but one question, is there a way to offer remote assistance using this method…. where you can automatically offer assistance to the user’s name that you have typed in somehow using the msra.exe /offerra switch..?
Probably! Try changing this line:
$PROGRAM = “mstsc.exe”
To whatever program that you want to use. Let me know what you find out.
I have tried replacing $PROGRAM = “mstsc.exe” with $PROGRAM = “msra.exe /offerra” but it does not work. I receive the following error message when I test the script in ISE.
& : The term ‘msra.exe /offerra’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or
if a path was included, verify that the path is correct and try again.
Any suggestions on how to get this to work?
Sure!
Set your program to just msra.exe
Under the if statements, change your the & line to $Program /offerRA $Computer
Hi Joel,
I had the same error; I solved it by adding another variable for the argument like this:
$PROGRAM = “msra.exe”
$Arg1 = “/offerRA”
Then on the if statement after the “&” you use:
$PROGRAM $Arg1 $Computer
This is the same as Joseph said in his reply; it just allows for modifying the argument in just one place in case you need to, instead of modifying it on every place where you call the program.
Thanks,