CTXHealthCheck

0.0.8

Public/UserAccess/Get-CitrixUserAccessDetails.ps1

                                
<#PSScriptInfo

.VERSION 1.0.2

.GUID 42427037-9fe8-465e-a2bf-6d57f9a70509

.AUTHOR Pierre Smit

.COMPANYNAME  

.COPYRIGHT

.TAGS Citrix

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES 

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

Created [22/05/2019_19:53]

Updated [22/05/2019_20:18]

Updated [06/06/2019_19:26] 

.PRIVATEDATA

#> 

<#

.DESCRIPTION 

For the CTX Dashboard

#>

Param()

function Get-CitrixUserAccessDetails {

                PARAM(

                [Parameter(Mandatory=$true, Position=0)]

                [ValidateNotNull()]

                [ValidateNotNullOrEmpty()]

                [string]$Username,

                [Parameter(Mandatory=$true, Position=1)]

                [ValidateNotNull()]

                [ValidateNotNullOrEmpty()]

                [string]$AdminServer)

Add-PSSnapin citrix*

$HSADesktop = $ValidUser =$userDeliveryGroup =$DesktopGroupAccess = $null

$DesktopGroupAccess = @()

$UserDeliveryGroup = @()

$UserDeliveryGroupUid = @()

$PublishedApps =@()

$PublishedDesktops =@()

$DirectPublishedDesktops = @()

$DirectPublishedApps = @()

$NoAccessPublishedApps = @()

$AccessPublishedApps = @()

$User = Get-ADUser $Username  -Properties *| select Name,GivenName,Surname,UserPrincipalName, EmailAddress, EmployeeID, EmployeeNumber, HomeDirectory, Enabled, Created, Modified, LastLogonDate,samaccountname

$AllUserGroups = Get-ADUser $Username -Properties * | Select-Object -ExpandProperty memberof | ForEach-Object {Get-ADGroup $_ | select SamAccountName }

$HSADesktop = $AllUserGroups|Where-Object {$_.SamAccountName -like "Citrix-HSA-Desktop"}

$BrokerAccessPolicy = Get-BrokerAccessPolicyRule -AdminAddress $AdminServer -AllowedConnections ViaAG | select IncludedUsers,DesktopGroupName,DesktopGroupUid

foreach ($AccessPolicy in $BrokerAccessPolicy) {

$IncludedGroups = $AccessPolicy | ForEach-Object { $_.IncludedUsers | Where-Object { $_.upn -Like "" } } | select Fullname

$IncludedUsersUPN  = $AccessPolicy | ForEach-Object { $_.IncludedUsers  | Where-Object { $_.upn -notlike "" }} | select UPN

foreach ($Group in $IncludedGroups) {

    $CheckMemberof = $null

    $CheckMemberof = $AllUserGroups | where {$_.SamAccountName -like $Group.FullName}

    if ($CheckMemberof -ne $null) {

            $userDeliveryGroup += $AccessPolicy.DesktopGroupName

            $UserDeliveryGroupUid  += $AccessPolicy.DesktopGroupUid

    }

}

foreach ($UserUpn in $IncludedUsersUPN) {

    if ($UserUpn.upn -like $User.UserPrincipalName) {

        $userDeliveryGroup += $AccessPolicy.DesktopGroupName

        $UserDeliveryGroupUid  += $AccessPolicy.DesktopGroupUid

     }

}

$DesktopGroupAccess += New-Object PSObject -Property @{

        DesktopGroupName       = $AccessPolicy.DesktopGroupName

        DesktopGroupUid        = $AccessPolicy.DesktopGroupUid

        IncludedGroups         = ($AccessPolicy | ForEach-Object { $_.IncludedUsers | Where-Object { $_.upn -Like "" } } | select Fullname).fullname

        IncludedUsersName      = ($AccessPolicy | ForEach-Object { $_.IncludedUsers  | Where-Object { $_.upn -notlike "" }} | select Name).name

        IncludedUsersUPN       = ($AccessPolicy | ForEach-Object { $_.IncludedUsers  | Where-Object { $_.upn -notlike "" }} | select UPN).UPN

       }

}

$DirectPublishedApps += Get-BrokerApplication -AssociatedUserUPN $User.UserPrincipalName -AdminAddress $AdminServer

$PublishedApps += $UserDeliveryGroupUid | ForEach-Object {Get-BrokerApplication -AssociatedDesktopGroupUid $_ -AdminAddress $AdminServer}

foreach ($app in $PublishedApps ) {

    $CheckMemberof = $null

    $CheckMemberof = $AllUserGroups | where {$_.SamAccountName -like $app.AssociatedUserFullNames}

    if ($CheckMemberof -ne $null) {$AccessPublishedApps += $app}

    else {$NoAccessPublishedApps += $app}

    }

$DirectPublishedDesktops = Get-BrokerMachine -AdminAddress $AdminServer -MaxRecordCount 5000 | where {$_.AssociatedUserUPNs -like $User.UserPrincipalName} | select DNSName,DesktopGroupName,OSType

if ([bool]$HSADesktop -eq $true) {

$userDeliveryGroup = $userDeliveryGroup | sort -Unique

foreach ($DelGroup in $userDeliveryGroup) {

$desktopkind = Get-BrokerMachine -DesktopGroupName $DelGroup

  if ( $desktopkind.DesktopKind  -like 'Shared') {

  $PublishedDesktops += New-Object PSObject -Property @{

    DNSNAme =  'Hosted Desktop'

    DesktopGroupName = $DelGroup

    OsType         = $desktopkind.OSType

   } | select DNSName,DesktopGroupName,OSType

  }

}

}

$ValidUser = @()

$ValidUser = New-Object PSObject -Property @{

        UserDetail            = $User

        AllUserGroups         = $AllUserGroups

        HSADesktop            = [bool]$HSADesktop

        UserDeliveryGroup     = $userDeliveryGroup

        UserDeliveryGroupUid  = $UserDeliveryGroupUid

        DirectPublishedApps   = $DirectPublishedApps | Select PublishedName,AssociatedUserUPNs,AssociatedUserNames,AssociatedUserFullNames,Description,enabled

        AccessPublishedApps   = $AccessPublishedApps | Select PublishedName,AssociatedUserUPNs,AssociatedUserNames,AssociatedUserFullNames,Description,enabled

        NoAccessPublishedApps = $NoAccessPublishedApps | Select PublishedName,AssociatedUserUPNs,AssociatedUserNames,AssociatedUserFullNames,Description,enabled

        PublishedDesktops     = $PublishedDesktops

        DirectPublishedDesktops     = $DirectPublishedDesktops

} | select UserDetail,AllUserGroups,HSADesktop,userDeliveryGroup,UserDeliveryGroupUid,DirectPublishedApps,AccessPublishedApps,NoAccessPublishedApps,PublishedDesktops,DirectPublishedDesktops

$ValidUser

}