Quest cmdlets get-qaduser profilepath strangeness

I am having a weird problem with something that I thought would be quite easy. I am looking to get all of my users who have a specific profile path specifiec in there terminal services tab in AD.  See a sample use below.

Now i thought this would be a simple as doing
get-qaduser -profilepath \\server\share

However this does not work. I have tried many combinations of using quotes " hyphens ' etc with no luck. The even stranger thing is if i do a global wildcard search * it only returns 3 results. I know alot more people have this set.

Any ideas?
LVL 35
Joseph DalyAsked:
Who is Participating?
Mike KlineConnect With a Mentor Commented:
It is a limit of how that value is stored.  See this question that I helped with (along with Chris Dent)
Joseph DalyAuthor Commented:
Ahhh crappy. I knew about the ADmodify being able to change the values. I was actually planning on using that but was hoping I would be able to come up with an ldap query to filter down the people I am changing.

We have users who have our old TS servers set for these as well as users who have our new ones in different offices. Kind of makes a blankey change not possible, If possible I would have liked to only select and modify them. Im surprised LDAP/powershell doesnt have a method for handling these.
Mike KlineCommented:
give Chris (or others) a chance; maybe there is a way to filter in powershell that I'm not aware of.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Joseph DalyAuthor Commented:
Hopefully someone has some ideas otherwise the points are yours. It just stinks because we have two regional offices with their own TS settings and I just thought of this now but the two companies we migrated into our AD also have their own TS settings.

I would love to be able to do a find where servername is a specificname and only replace that. Make things a whole lot easier and less chance of causing issues elsewhere.
Unfortunately these parameters are in a binary blob in the 'userparameters' LDAP attribute of the user. Quest quys did not implement a searcher parameter for Get-QADUser for these, inspite of the fact, that you can see these TS parameters as 'normal' parameters in the output of Get-QADUser.

As far as I know you can only search on these attributes on the client side, that means you have to grab all users into PowerShell and PowerShell will select the relevant users for you. (see attached code) That is not very efficient and uses a lot of resources if you have several users.

If these were 'normal' attributes, you could use this form:

Get-QADUser -SearchAttributes @{tsprofilepath = '\\server\share'}

But in this case it does not work.
Get-QADUser | ?{$_.tsprofilepath -eq "\\server\share"}

Open in new window

Chris DentConnect With a Mentor PowerShell DeveloperCommented:

It's quite a problem. You can use LDAP filters to search for binary data, however, it doesn't let you use wildcards so it's really not very useful unfortunately.

Joseph DalyAuthor Commented:
Thanks guys
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.