The Accidental Citrix Admin - The site for those who find themselves supporting Citrix involuntarily or accidentally
With all the writing I do for my website and customers, I recreate my Windows Server 2012 R2 Active Directory (AD) environment frequently. I thought I would show you how, in just a few seconds, I recreate my entire AD structure.
I am in the process of creating V4 of the PVS and XenApp documentation scripts. As part of the process I wanted to make sure all the current and future scripts worked with PowerShell Version 3.
Ever since I started working with Microsoft Active Directory (AD) in July 2001, I have always wondered what should be configured in the Default Domain Group Policy Object (GPO). I have had a couple of my AD mentors tell me what should be in the Default Domain GPO and I have parroted their recommendation for years now because I agree with them. I am sure I also read somewhere in the past 12 years the Best Practices for this GPO but just have never been able to find it. This morning I finally came across an article from Microsoft that clearly states what the Best Practices are for the Default Domain GPO.
In my 10 Things in AD… presentations, I talk about the importance of having the domain controller that holds the Primary Domain Controller Emulator (PDCe) role configured as the authoritative time source for the forest. In the PDF that accompanies the presentations, I include a link to a Microsoft Ask the Directory Service Team blog article. The main problem with that article is there is not enough detail for a lot of people. Now that Server 2008 and later include PowerShell cmdlets for Group Policy, I thought I would add some detail on creating the Group Policy with PowerShell.
At Briforum 2013 Chicago, after my session on More Things in AD…, someone asked me a question. The question was “What happens to the FSMO roles when the domain controller that holds them is demoted and is no longer a domain controller?” The person asking the question was wondering, in an emergency, if a domain controller (DC) must be quickly demoted and it is unknown if the DC holds any FSMO roles, what happens? I gave the answer and this article is to show proof my answer was correct because the asker gave me a puzzled look. Kind of looking at me asking “Are you sure?”
Citrix released Provisioning Services version 7 (PVS7) with support for running on Microsoft Windows Server 2012. Server 2012 has a really nice new feature called Group Managed Service Accounts (gMSA). Even though Citrix had to test installing PVS7 on Server 2012, I found that Citrix never tested using gMSA for the Stream or SOAP services. This article is my attempt to see if PVS7 will allow a gMSA for the Stream and SOAP services.