Slide 1

Slide 1 text

Automating Citrix with PowerShell
GUY LEECH (@GUYRLEECH)
CUGC XL CENTRAL, APRIL 2021

Slide 2

Slide 2 text

Why?
• Usually easier/quicker than using consoles/installers from (multiple) vendors (once automated)
• Save time & increase reliability of bulk/repeated operations
• Repeatability
• Eliminate human error (once you've tested scripts thoroughly)
• Scheduled tasks
• Easy to import/export to csv/xml/json and send emails & other methods of notification
• Large number of scripts and learning resources out there
• But check/test all scripts before running them as admin on production systems!
@guyrleech

Slide 3

Slide 3 text

What?
• CVAD builds – install and configure
• Creating new end-points
• Reboot schedules
• Updates
• Backups
• Problem identification/mitigation
• Daily Health Checks
• NetScaler builds & configuration
• … whatever is tedious, time consuming, error prone, boring, not fun, etc
• But only if it's worthwhile/time efficient

Slide 4

Slide 4 text

Creating New MCS Devices
• Active Directory Machine Accounts
  • Get-AcctIdentityPool
  • New-AcctADAccount
• Create new machine
  • New-ProvVM
    • -ADAccountName
    • -ProvisioningSchemeName
    • -RunAsynchronously
• Add to Machine Catalog
  • New-BrokerMachine
• Add to Delivery Group
  • Add-BrokerMachinesToDesktopGroup
Using PowerShell to Create New Citrix MCS Machines | ScriptRunner
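The four MCS steps above chained into one script, as an added example that is not from the original slides. The controller address, catalog and delivery group names and the count are placeholders, and it assumes the identity pool and provisioning scheme share the catalog's name.

```powershell
# Added example, not from the slides. Names and the count below are placeholders.
# Assumes the legacy snap-ins are installed on the management machine.
Add-PSSnapin -Name Citrix.ADIdentity.Admin.V2 , Citrix.MachineCreation.Admin.V2 , Citrix.Broker.Admin.V2

$ErrorActionPreference = 'Stop'                       # stop at the first failed step
$ddc           = @{ AdminAddress = 'ddc01.example.local' }   # splatted onto every call
$catalogName   = 'W10-MCS'                            # also the pool and scheme name (assumption)
$deliveryGroup = 'W10 Desktops'
$count         = 2

$catalog = Get-BrokerCatalog @ddc -Name $catalogName
$pool    = Get-AcctIdentityPool @ddc -IdentityPoolName $catalogName

# 1. Active Directory machine accounts, named by the identity pool's naming scheme
$accounts = New-AcctADAccount @ddc -IdentityPoolName $pool.IdentityPoolName -Count $count
if( $accounts.FailedAccountsCount -gt 0 )
{
    throw "$($accounts.FailedAccountsCount) AD machine accounts could not be created"
}
[string[]]$accountNames = @( $accounts.SuccessfulAccounts | Select-Object -ExpandProperty ADAccountName )

# 2. Create the machines asynchronously, then poll the provisioning task until it finishes
$taskId = New-ProvVM @ddc -ProvisioningSchemeName $catalogName -ADAccountName $accountNames -RunAsynchronously
do
{
    Start-Sleep -Seconds 10
    $task = Get-ProvTask @ddc -TaskId $taskId
} while( $task.Active )

if( $task.TerminatingError )
{
    throw "Provisioning failed: $($task.TerminatingError)"
}
[array]$created = @( $task.CreatedVirtualMachines )

# 3. Add each new machine to the machine catalog, identified by its AD account SID
foreach( $vm in $created )
{
    New-BrokerMachine @ddc -CatalogUid $catalog.Uid -MachineName $vm.ADAccountSid | Out-Null
}

# 4. Move the unassigned machines from the catalog into the delivery group
$added = Add-BrokerMachinesToDesktopGroup @ddc -Catalog $catalogName -DesktopGroup $deliveryGroup -Count $created.Count
"Created $($created.Count) machines, added $added to '$deliveryGroup'"
```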

Slide 5

Slide 5 text

Creating New PVS Devices
• Active Directory Machine Accounts
  • Citrix won't do it for you – use ActiveDirectory module or ADSI to find unused machine
  • Also check PVS, Hypervisor & CVAD for orphans/remnants
• Create new machine
  • New-VM via VMware PowerCLI (-template)
• Add to PVS
  • New-PvsDevice with MAC address via Get-NetworkAdapter
  • Add-PvsDiskLocatorToDevice
  • Add-PvsDeviceToDomain
• Add to Machine Catalog
  • New-BrokerMachine (must specify -HypervisorConnectionUid & -HostedMachineId)
• Add to Delivery Group
  • Add-BrokerMachinesToDesktopGroup
Using PowerShell to Create new Citrix PVS Machines | ScriptRunner

Slide 6

Slide 6 text

Configuring/Changing CVAD via PowerShell
• Set-BrokerMachine
  • -InMaintenanceMode
• Set-BrokerDesktopGroup (aka Delivery Group)
  • -InMaintenanceMode
  • -Enabled
• Set-BrokerCatalog
• Disconnect-BrokerSession / Stop-BrokerSession
• Send-BrokerSessionMessage

Slide 7

Slide 7 text

Admin/Checking CVAD via PowerShell
• Get-BrokerSession
  • Filter left for speed: -username, -machinename, -sessionstate, etc
• Get-BrokerMachine
  • -InMaintenanceMode
  • -Filter e.g. -Filter { InMaintenanceMode -eq 'True' -or RegistrationState -ne 'Registered' }
• Get-PvsDevice
  • "join" with Get-PvsDiskInfo, hypervisor, CVAD
• Get-BrokerCatalog
• Get-BrokerDesktopGroup
• Get-BrokerController

Slide 8

Slide 8 text

CVAD PowerShell Considerations
• -AdminAddress (on every call, consider splatting)
• Set-PVSConnection (once)
• -MaxRecordCount & -ReturnTotalRecordCount
• Cloud – create credential profile via downloaded secrets csv file
  • But then most things are the same as on-premises, with a few restrictions
• PowerShell view in Citrix Studio – helps you figure out the "how"
• (Legacy) Snapins versus Modules (latter from 1912 LTSR onwards)
  • But still not real modules – won't work with Pwsh 7.x
• Account used to run – least privileged

Slide 9

Slide 9 text

Scheduled Tasks
• Least privileged service account (with "log on as a batch job" privilege)
• Test command line via (legacy) cmd.exe running as account set to run task
• Write a log file (Start-Transcript/Stop-Transcript)
• Use a single management machine ("jump box") – install all cmdlets, SDKs, etc
• Create separate task folders
• Notifications on success/failure - email
• Gotchas
  • Single quotes
  • Nested quotes (if all else fails, base64 encode the command line)
  • Array flattening (resurrect with -split)
  • $true/$false treated as string literals (use [switch] or [bool]::Parse() )
• Easy to copy with PowerShell
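The array, boolean and nested-quote gotchas above in runnable form, as an added example that is not from the original slides. The function names, script path and machine names are constructed for illustration.

```powershell
# Added example, not from the slides: function names, script path and machine names are constructed.
# After -File, a scheduled task passes every argument as plain text, so
# 'CTX01,CTX02' arrives as ONE string and '$true' as the literal text "$true".
function Set-Maintenance
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory)]
        [string[]]$Machines ,
        [string]$Enable = 'true' ,  # text, because [bool] cannot bind the string "$true"
        [switch]$Notify             # a switch takes no value, so nothing to mis-parse
    )

    # Resurrect a flattened array: a single element containing commas is split back out
    if( $Machines.Count -eq 1 -and $Machines[0].Contains( ',' ) )
    {
        $Machines = @( $Machines[0] -split ',' | ForEach-Object { $_.Trim() } )
    }

    # Accept true/false with or without the leading $; anything else throws here
    [bool]$enabled = [bool]::Parse( $Enable.TrimStart( '$' ) )

    foreach( $machine in $Machines )
    {
        [pscustomobject]@{ Machine = $machine ; InMaintenanceMode = $enabled ; Notify = $Notify.IsPresent }
    }
}

# Nested quotes: powershell.exe -EncodedCommand takes Base64 of the command's UTF-16LE bytes
function ConvertTo-EncodedCommand
{
    param( [Parameter(Mandatory)][string]$Command )
    [Convert]::ToBase64String( [Text.Encoding]::Unicode.GetBytes( $Command ) )
}

# The reverse, for reviewing what an existing task really runs
function ConvertFrom-EncodedCommand
{
    param( [Parameter(Mandatory)][string]$Encoded )
    [Text.Encoding]::Unicode.GetString( [Convert]::FromBase64String( $Encoded ) )
}

Set-Maintenance -Machines 'CTX01, CTX02' -Enable '$true'    # the strings a task would deliver
$encoded = ConvertTo-EncodedCommand -Command '& "C:\Scripts\Set Maintenance.ps1" -Machines "CTX01","CTX02"'
"powershell.exe -NoProfile -NonInteractive -EncodedCommand $encoded"
ConvertFrom-EncodedCommand -Encoded $encoded                # round trip back to readable text
```

An encoded command line is opaque in the task definition and is commonly flagged by endpoint detection, so keep the decoded source under version control alongside the task.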

Slide 10

Slide 10 text

CVAD PowerShell Pre-requisites
• PowerShell cmdlets
  • Installed with Studio (but don't use a Delivery Controller)
  • PowerShell MSI files from CVAD ISO
  • Remote PowerShell SDK (for Cloud ONLY)
• PVS (7.8 onwards) uses console dlls for modules
• Not available on PowerShell Gallery, etc

Slide 11

Slide 11 text

Guy's Top Tips
• Test, test, test (automate with Pester?)
  • Boundary conditions – too big/small?
  • Bad input – users do the stupidest things
  • Scale – works ok with 2 but what about 2222 ?
  • What if ("no sane person should ever do this but …")
• Document – are comments in the code really enough?
• No Clear Text Passwords
• Least Privilege
• Annotate
• Error Handling & Reporting
• Change & Version Control
• Use a Jump Box, not production servers
• Backup
  • Systems before changing
  • Scripts, config files, command lines, scheduled tasks
• Audit trail (Write-EventLog)
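A scheduled daily health check that applies several of these tips together with the earlier slides' splatting and filter-left advice, as an added example that is not from the original slides. Server names, paths, mail addresses, the event source and the event IDs are placeholders, and it assumes Windows PowerShell 5.1 with the Broker snap-in on the jump box.

```powershell
#requires -Version 5.1
# Added example, not from the slides. Names, paths, addresses, event source and IDs are placeholders.
# One-time setup on the jump box:
#   as the task's service account: Get-Credential | Export-Clixml 'C:\Scripts\Secure\smtp.cred.xml'
#   elevated:                      New-EventLog -LogName Application -Source 'CitrixAutomation'
$ErrorActionPreference = 'Stop'     # make every error terminating so catch sees it
$citrix   = @{ AdminAddress = 'ddc01.example.local' }    # splatted onto every Citrix call
$eventLog = @{ LogName = 'Application' ; Source = 'CitrixAutomation' }
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$report   = "C:\Scripts\Reports\unhealthy-$stamp.csv"
$exitCode = 0

Start-Transcript -Path "C:\Scripts\Logs\healthcheck-$stamp.log" | Out-Null
try
{
    Add-PSSnapin -Name Citrix.Broker.Admin.V2
    # No clear text password: Export-Clixml protected it with DPAPI, so only
    # this account on this machine can decrypt the file
    [pscredential]$smtpCredential = Import-Clixml -Path 'C:\Scripts\Secure\smtp.cred.xml'

    # Filter left: the controller does the filtering; raise the default 250 record cap
    [array]$unhealthy = @( Get-BrokerMachine @citrix -MaxRecordCount 10000 -Filter {
            InMaintenanceMode -eq 'True' -or RegistrationState -ne 'Registered' } |
        Select-Object -Property MachineName , CatalogName , DesktopGroupName , RegistrationState , InMaintenanceMode )

    if( $unhealthy.Count -gt 0 )
    {
        $unhealthy | Export-Csv -Path $report -NoTypeInformation
        $mail = @{
            To = 'citrix-admins@example.local' ; From = 'healthcheck@example.local'
            Subject = "$($unhealthy.Count) machines need attention" ; Attachments = $report
            SmtpServer = 'smtp.example.local' ; UseSsl = $true ; Credential = $smtpCredential }
        Send-MailMessage @mail
    }
    # Audit trail: who ran it and what it found
    Write-EventLog @eventLog -EntryType Information -EventId 1000 -Message (
        "Health check by $env:USERDOMAIN\$env:USERNAME found $($unhealthy.Count) unhealthy machines" )
}
catch
{
    $exitCode = 1
    Write-EventLog @eventLog -EntryType Error -EventId 1001 -Message (
        "Health check failed at line $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.Message)" )
}
finally
{
    Stop-Transcript | Out-Null
}
exit $exitCode    # non-zero last result marks the scheduled task as failed
```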

Slide 12

Slide 12 text

Useful Resources
• github.com/guyrleech
• github.com/guyrleech/Citrix
• carlwebster.com
• workspace-guru.com
• github.com/citrix
• www.scriptrunner.com/en/software/script-collections/
• developer.cloud.com
• jgspiers.com

Slide 13

Slide 13 text

The End (or is it the Beginning?)
• Go forth and automate
• Or fifth 😄