cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to set ms-TS-Max-Idle-Time LDAP attribute from script

ccie6778
Copper Contributor

‎Feb 02 2023 12:51 AM

‎Feb 02 2023 12:51 AM

Unable to set ms-TS-Max-Idle-Time LDAP attribute from script

I need help with an LDAP attribute that I’m trying to assign for adding a new AD user.

 

I’m using the following Python script for adding a new user and everything works as expected:

 

# sample attributes
ldap_attr = {}
ldap_attr['objectClass'] = ['top', 'person' , 'organizationalPerson' , 'user' ]
ldap_attr['cn'] = user_username
ldap_attr['givenName'] = user_firstname
ldap_attr['sn'] = user_lastname
ldap_attr['uid'] = user_username
ldap_attr['sAMAccountName'] = user_username
ldap_attr['mail'] = user_email
ldap_attr['telephoneNumber'] = user_phonenumber
ldap_attr['userPrincipalName'] = f"{user_username}@{ad_domain}"
ldap_attr['displayName'] = f"{user_firstname} {user_lastname}"
### SCRIPT PATH
ldap_attr['scriptPath'] = 'sto.bat'
### SESSION TIMEOUTS
ldap_attr['msTSMaxDisconnectionTime'] = 1
ldap_attr['msTSMaxIdleTime'] = 120
ldap_attr['msTSReconnectionAction'] = True


However, the following attributes listed in that script aren’t being added to that user related to Terminal Service:

- msTSMaxDisconnectionTime
- msTSMaxIdleTime
- msTSReconnectionAction


I’m using the correct LDAP name and value type based on the supported Microsoft documentation.

 

I’m not sure if there is anything that needs to be set on the AD domain controller itself or anything I need to define differently within my script. But any help is much appreciated because I’m unable to find any results related to my issue.

 

Thanks!

268 Views
0 Likes
0 Replies
Reply
0 Replies