Cambios entre Versión 1 y Versión 2 de Delegación para Terminal Server licencing (evento 4105)

Fecha y hora:

31/05/2017 10:44:49 (hace 7 años)

Autor:

tonin

Comentario

--

Delegación para Terminal Server licencing (evento 4105)

@@ -1 +1 @@
 Información [https://support.microsoft.com/es-es/help/2030310/terminalservices-licensing-4105-the-terminal-services-license-server-cannot-update-the-license-attributes-for-user-username-in-active-directory-domain-domainname aquí].
+
+Aparte ejecuto este script porque el problema puede deberse a usuarios que se han creado con un schema de AD de 2003. Habría que subir cuando antes el nivel funcional.
+
+{{{#!powershell
+# Description: This script will add missing permissions for the Terminal
+#Server License Server group to user objects in Active Directory.
+# This may solve problems with TS CALs not beeing issued and event id
+#4105 being logged at the license server.
+
+# Constants
+$URL = "LDAP://DC=uco,DC=es";
+
+cls
+$root = New-Object DirectoryServices.DirectoryEntry $URL
+$ds = New-Object DirectoryServices.DirectorySearcher
+$ds.PageSize = 2000
+$ds.SearchRoot = $root
+$ds.filter = "objectCategory=Person"
+$src = $ds.findall()
+write-host "Found" $src.count "user objects.`n"
+$src | %{
+$de = $_.getdirectoryentry()
+$accessrules = $de.get_objectsecurity().getaccessrules($true, $false,[System.Security.Principal.SecurityIdentifier]) | ?{$_.ObjectType -eq "5805bc62-bdc9-4428-a5e2-856a0f4c185e"}
+if ((measure-object -inputobject $accessrules).count -eq 0)
+  {
+    $ar = new-object System.DirectoryServices.ActiveDirectoryAccessRule([System.Security.Principal.SecurityIdentifier]"S-1-5-32-561", 48, "Allow", [guid]"5805bc62-bdc9-4428-a5e2-856a0f4c185e")
+    $de.get_objectsecurity().addaccessrule($ar)
+    $de.commitchanges()
+    write-host -f yellow ("Added:`t" + $de.properties["sAMAccountName"])
+    start-sleep -m 200
+  }
+else
+  {
+    write-host -f green ("OK:`t" + $de.properties["sAMAccountName"])
+  }
+}
+}}}