Powershell and Routing and remote access scripted logoff


In Server 2008 Routing and Remote Access it is possible to select a connected client and issue a disconnect command: right-click the client and click Disconnect.

Is there a way to do this via a powershell / vbs script?
I would like to set a scheduled task which queries RRAS for connected clients and disconnects them.

Thanks in advance.

Lucian Constantin (Trainer) commented:
Try this script - name it Whatever.CMD :

@echo off

rem set a TMP file having same name as the CMD file just with TMP extension
set RRASTMPFile=%~n0.TMP

rem Get a list of connected users
netsh ras show client | find "User" > %RRASTMPFile%

rem Call the subroutine once per line, passing the text after the colon
for /f "tokens=1-2 delims=:" %%a in (%RRASTMPFile%) do (
	call :RRASDisconn %%b
)

rem Clean the TMP file
del %RRASTMPFile%
goto :eof

rem Subroutine: disconnect one user (name passed as first argument)
:RRASDisconn
	set RRASUser=%1
	rem clean spaces from user name
	set RRASUser=%RRASUser: =%
	echo Will disconnect user: *%RRASUser%*
	REM netsh ras set client %RRASUser% disconnect
goto :eof


To really disconnect the clients delete the REM on the line below "Will disconnect user"

hairylots (Author) commented:
Hello luconsta

Thanks heaps, the exact result I was after.
As I am not a batch / command guy I have taken your idea and implemented it in PowerShell, as I need to disconnect based on AD group membership.
1) query AD for specific group members
2) query netsh for connected clients
3) strip out unwanted characters
4) convert both samaccountname from AD and also connected clients to lowercase
5) iterate through connected clients then through AD member array and disconnect when equal.

As you can see PowerShell is still not a strength, but after banging around I have achieved the desired result: disconnect RAS clients based on AD group membership. Script is now scheduled to run at COB each day.
# Event log details
$EventID = "20274"
$EventLog_name = "System"
$EventLog_MachineName = "."
$EventLog_Source = "RemoteAccess"

# Query AD group membership
# the next line needs your details replaced with all values listed as <val>
$GName = "<your_group_name>,OU=Security Groups,OU=<your_OU>,DC=<your_domain>,DC=<Your_domain_ext>"
$group = [ADSI] "LDAP://$GName"
# prints group name to screen
# $group.cn

# get connected clients
$client_array = @(netsh ras show client | findstr User:)
# strip out unwanted characters
$client_array_striped = @(Foreach-Object {$client_array -replace "User:               ",""})

# create the member array
$i = 0
foreach ($member in $group.member) {
      $member1 += @($i)
      $member2 += @($i)
      $i = $i + 1
}

# Transfer samaccountnames to member array and convert to lowercase
$i = 0
foreach ($member in $group.member) {
      $Uname = New-Object DirectoryServices.DirectoryEntry("LDAP://$member")
      $member1[$i] = [string]$Uname.samaccountname
      $i = $i + 1
}

# do the job, locate and disconnect
# iterate through connected clients array
foreach ($mem_cl in $client_array_striped) {
      $mem_cl = $mem_cl.ToLower()
      # iterate through the AD member array
      foreach ($ADmember in $member1) {
            $ADmember = $ADmember.ToLower()
            # substring match: also true when the account name is only part of the connected name
            if ($mem_cl.Contains($ADmember)) {
                  # disconnect client
                  Write-Host "Client disconnected: " $ADmember
                  netsh ras set client $ADmember disconnect
                  # log event
                  $EventLog = New-Object System.Diagnostics.EventLog($EventLog_name)
                  $EventLog.MachineName = $EventLog_MachineName
                  $EventLog.Source = $EventLog_Source
                  $EventLog.WriteEntry("User: $ADmember has been logged off by end of day process.","Information", $EventID)
                  break # exit foreach after user is found, stops No client found message
            }
      }
}

Thanks heaps, appreciated.
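
The matching step of the script above (steps 3 to 5), as an added example that is not part of the original posts: it compares whole account names instead of substrings, so a group member `bob` does not match a connected client `bobby`. The function name, the sample lines and the `User:   [DOMAIN\]name` line layout are assumptions; the disconnect command is printed as a dry run, not executed.

```powershell
# Added example, not code from the thread.
# Assumption: each connected client appears on a line "User:   [DOMAIN\]name".
function Get-RasClientToDisconnect {
    param(
        [string[]]$NetshLines,    # output of: netsh ras show client
        [string[]]$GroupMembers   # sAMAccountNames of the AD group members
    )

    # PowerShell hashtable keys are case-insensitive, so no ToLower() is needed
    $allowed = @{}
    foreach ($m in $GroupMembers) {
        if ($m) { $allowed[$m.Trim()] = $true }
    }

    foreach ($line in $NetshLines) {
        # Skip anything that is not a "User:" line; capture the trimmed name
        if ($line -notmatch '^\s*User:\s*(\S.*?)\s*$') { continue }
        $connected = $Matches[1]

        # Compare only the account part of DOMAIN\name, as a whole name
        $account = $connected.Split('\')[-1]
        if ($allowed.ContainsKey($account)) {
            New-Object PSObject -Property @{
                Connected = $connected
                Account   = $account
            }
        }
    }
}

# Constructed sample data (not real netsh output)
$sample = @(
    'User:               CORP\bob',
    'User:               CORP\bobby',
    'User:               alice'
)

$hits = Get-RasClientToDisconnect -NetshLines $sample -GroupMembers @('Bob', 'carol')
foreach ($h in $hits) {
    # Dry run: show the command that would be issued for each exact match
    Write-Host "netsh ras set client $($h.Account) disconnect"
}
```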
Lucian Constantin (Trainer) commented:
Glad to help you hairylots, and thanks for sharing the "powershell version".