Unable to set ms-TS-Max-Idle-Time LDAP attribute from script
I need help with an LDAP attribute that I’m trying to assign for adding a new AD user. I’m using the following Python script for adding a new user and everything works as expected: # sample attributes ldap_attr = {} ldap_attr['objectClass'] = ['top', 'person' , 'organizationalPerson' , 'user' ] ldap_attr['cn'] = user_username ldap_attr['givenName'] = user_firstname ldap_attr['sn'] = user_lastname ldap_attr['uid'] = user_username ldap_attr['sAMAccountName'] = user_username ldap_attr['mail'] = user_email ldap_attr['telephoneNumber'] = user_phonenumber ldap_attr['userPrincipalName'] = f"{user_username}@{ad_domain}" ldap_attr['displayName'] = f"{user_firstname} {user_lastname}" ### SCRIPT PATH ldap_attr['scriptPath'] = 'sto.bat' ### SESSION TIMEOUTS ldap_attr['msTSMaxDisconnectionTime'] = 1 ldap_attr['msTSMaxIdleTime'] = 120 ldap_attr['msTSReconnectionAction'] = True However, the following attributes listed in that script aren’t being added to that user related to Terminal Service: - msTSMaxDisconnectionTime - msTSMaxIdleTime - msTSReconnectionAction I’m using the correct LDAP name and value type based on the supported Microsoft documentation. I’m not sure if there is anything that needs to be set on the AD domain controller itself or anything I need to define differently within my script. But any help is much appreciated because I’m unable to find any results related to my issue. Thanks!
manipulation with users and groups in root domain
Hi, we have problem with application server which resides in tree domain dm1.domain.com, we need to manipulate users and groups (crerate user, add to group e.t.c) in our root domain dm.domain.com, this application server (linux based) uses AD ldap to connect to tree domain, there is no direct connection to root domain controllers. Wee need to create users and groups through this application server in root domain. Is this possible to configure somehow? Thanks
