0

I need a script that terminates all RDP sessions of an AD user. Only the username should be given, whereupon the script terminates all RDP sessions of this user (if necessary also enforces them).

Unfortunately, the Get-RDUserSession cmdlet does not work (the ConnectionBroker cannot be found). Unfortunately, I cannot process the result of the CMD command qwinsta in PowerShell.

Any ideas or tips?

Thank you.

Alex
  • 125
  • 2
  • 12
  • 1
    https://stackoverflow.com/questions/18192746/powershell-log-off-remote-session – Vivek Kumar Singh Mar 04 '21 at 12:12
  • 1
    Does this answer your question? [Powershell Log Off Remote Session](https://stackoverflow.com/questions/18192746/powershell-log-off-remote-session) – Jeff Zeitlin Mar 04 '21 at 12:41
  • It would seem reasonable to investigate why `Get-RDUserSession` doesn't work for you. Did you pass the correct [-ConnectionBroker](https://learn.microsoft.com/en-us/powershell/module/remotedesktop/get-rdconnectionbrokerhighavailability?view=win10-ps)? Where's your [mcve]? – IInspectable Mar 04 '21 at 13:15

2 Answers2

1

You can create custom objects from qwinsta's output, filter them and use rwinsta to kill the session.

Function Get-TSSessions
{

param (
    [Parameter(Mandatory = $true, Position = 0 )]
    [String]$ComputerName
    ) # End Parameter Block

qwinsta /server:$ComputerName |
ForEach-Object{
    If($_ -notmatch "SESSIONNAME")
    {
    New-Object -TypeName PSObject -Property `
    @{
        "ID"           = [Int]$_.SubString(41,05).Trim()
        "ComputerName" = $Computer
        "User"         = $_.SubString(19,22).Trim()
        "State"        = $_.SubString(47,08).Trim()
        }
    }
}

} # End Function Get-TSSessions

Get-TSSessions -ComputerName <ServerName> | 
Where-Object{$_.User -eq "SomeUser"} |
ForEach{ & "rwinsta /Server:$($_.ComputerName) $($_.ID)" }

Obviously, you can improve by wrapping up the rwinsta command in its own function. At the moment I only have reporting work written around this sort of thing, so in the spirit of answering the question without writing the whole thing, this should get you through.

Also, I believe there are a number of scripts and functions available for this on the PowerShell Gallery. In fact, I think there were functions Get/Stop-TerminalSession in the PowerShell Community Extensions, which you can install as a module.

Steven
  • 6,817
  • 1
  • 14
  • 14
0
param
(
    [Parameter(Mandatory = $false,
               HelpMessage = 'Specifies the user name (SamAccountName).',
               DontShow = $false)]
    [SupportsWildcards()]
    [ValidateNotNullOrEmpty()]
    [ValidateScript({
            Import-Module -Name 'ActiveDirectory' -Force
            if (Get-ADUser -Filter "sAMAccountName -eq '$_'") {
                return $true
            } else {
                return $false
            }
        })]
    [string]$Username = $env:USERNAME
)

$ErrorActionPreference = 'SilentlyContinue'
Import-Module -Name 'ActiveDirectory' -Force

foreach ($system in (Get-ADComputer -Filter ("Name -ne '$env:COMPUTERNAME' -and OperatingSystem -like 'Windows Server*'"))) {
    [string]$system = $system.Name
    $session = ((quser /server:$system | Where-Object {
                $_ -match $Username
            }) -split ' +')[3]
    if ($session) {
        logoff $session /server:$system
    }
}
Alex
  • 125
  • 2
  • 12