Category Archives: Edgesight

Silently installing the Citrix Edgesight ActiveX plugin

Just a really quick blog post on how to silently install the reporting agent inside your environment.

Log into a server / client without the EdgeSight plugin installed, and browse to the edgesight website. Once logged in, you will receive the usual prompt to install the software:

Install the software and ensure it works, then fire up a command prompt and browse down to “c:windowsdownloaded program files”. Once in this folder, a DIR will reveal the ActiveX plugin “csmdbprov.dll”.

Now simply copy this file out to shared storage:

Once done, now its scripting time!

Below are two examples in batch (.bat , .cmd) or PowerShell (.ps1) for achieving this:

(please amend h:csmdbprov.dll to the path you use)

Batch:

[sourcecode language=”text”]
copy h:csmdbprov.dll "c:windowsdownloaded program files"
regsvr32 /s "c:windowsdownloaded program files"
[/sourcecode]

Powershell:

[sourcecode language=”powershell”]
if (test-path h:csmdbprov.dll){
copy-item H:csmdbprov.dll ‘C:WindowsDownloaded Program Files’ -Force
start-process regsvr32 -ArgumentList "/s ""C:WindowsDownloaded Program Filescsmdbprov.dll""" -wait
}
[/sourcecode]

Creating hardware based device groups in Citrix Edgesight

If you want to organise your hardware into easy to view groups in edgesight, this is the post for you!

It can be extremely useful when retiring new hardware, or doing inventory as below:

Using your preferential database browsing tool, browse over to the edgesight database and view the contents of the DBO.Box_asset as below, this table will give you a view of the types of hardware on which you can create your reports:

Take a note of the Hardware types above and lets jump over to edgesight and start creating the groups.

Logged into the EdgeSight console, go to the configure tab, Device managementGroups:

Click the new group button:

On the new group tab, configure the relevant names and the options you require, below is an example:

Once happy with the options, click create group.

On the Member Type selection, choose Queries.

On the query page, select new query:

Name the query as you wish then paste the following in below (replacing %query% with the hardware type you have identified above).

Note: a % is the equivalent of a * in sql language.

select i.instid
from instance  as i inner join machine as m on i.machid = m.machid
inner join box_asset as b on b.boxaid = m.boxaid
WHERE b.model LIKE '%query%'

Once finished, click the test query button to ensure you have the results you desire in the window as above.

Assuming you are happy with your result, Click save query, Add query then next, then finally Finish.

Once complete, browse to Device Management, devices and in the dropdown you’ll see the newly created groups on which you can run reports.

Using my Citrix Edgesight Powershell module with Active directory OU’s.

I received a request on twitter late last night and it was an interesting one. The person in question wanted to use my current edgesight module to import users from active directory into the static Citrix Edgesight groups, but instead of group membership in Active Directory, they wanted to use Active Directory Organisational Units.

All the information on how to use the module is included in the previous post, so I wont re-invent the wheel. Have a read of the previous post for any caveats or pre-emptive misunderstandings.

Below are two code snippets to use OU membership with either the Quest or Microsoft cmdlets for active directory, just modify the OU Path below, I’ve tried to include a long example to ensure there’s no confusion.

 Quest Active directory Snap-in:

[sourcecode language=”Powershell”]
#Quest Active directory module
import-module "C:citrix.edgesight.cmdlets.psm1"
add-pssnapin Quest.ActiveRoles.ADManagement
$ADOU=’domain.domain.com/Country/Users/advanced/Helpdesk’
$esgroupid=20

#clear the group before import
clear-esgroupmembers -groupid $esgroupid

#get users from group, then import them into edgesight
foreach ($user in get-QADUser -SearchRoot $ADOU -SizeLimit 0){
$prid = get-ESUserPrid $user.logonname
if ($prid -NE $null){
Add-ESGroupMember -groupid $ESgroupid -prid $prid
}
}#end For
[/sourcecode]

Microsoft Active directory module:

 

[sourcecode language=”Powershell”]
#Microsoft active directory module
import-module "C:citrix.edgesight.cmdlets.psm1"
import-module activedirectory
$ADOU="OU=helpdesk,OU=advanced,OU=Users,OU=Country,DC=domain,DC=domain,DC=com"
$esgroupid=20

#clear the group before import
clear-esgroupmembers -groupid $esgroupid

#get users from group, then import them into edgesight
foreach ($user in get-ADUser -filter * -searchbase $ADOU){
$prid = get-ESUserPrid $user.samaccountname
if ($prid -NE $null){
Add-ESGroupMember -groupid $ESgroupid -prid $prid
}
}#end For
[/sourcecode]

Importing Users to Citrix Edgesight User Groups from Active Directory.

I’ve blogged about Edgesight reporting previously, but in this case I needed to populate Edgesight groups from active directory and keep them up to date. This functionality is (rather strangely) not available in Edgesight and for this reason I decided to create a Powershell module to allow for automation of user group population from active directory.

Edgesight doesn’t seem to have any API’s or command line interfaces to hook into. For this reason my scripts are based on connecting to the Edgesight database and retrieving the information with SQL statements. This presented a really fun challenge for me as I’m an SQL novice. I learned quite a bit in a short period of time by writing this powershell module.

With the following module you can run scheduled tasks to connect to your edgesight database and add / amend your user groups with ease.

First, some caveats, warnings and limitations of Edgesight you should be aware of:

  • My SQL statements have been tested fully internally and work flawlessly, that being said Always backup your database before you attempt to use these modules.
  • Each Edgesight group has a unique GUID assigned when it is created, for this reason you must manually create the Edgesight groups before attempting to import users.
  • Each user has a unique identifier in Edgesight called a PRID, if Edgesight has not seen a user before, the PRID will not exist. As such, you cannot import a user who has not logged into the environment before.

Continue reading

Report Access Gateway connections using Citrix Edgesight, based on user groups.

I’ve covered this topic before, and with my previous solution you had the ability to report all access gateway connections natively through edgesight with ease. Recently though, as a service provider our customers have started requesting their own reports on user login details.

With the request in hand, I went back to the drawing board and attempted to Re-Engineer this task with limited success. In the end the quickest solution I found was to simply modify the “Session Details for a User Group” report to include the query I covered in my previous copy.

This wasn’t without peril, many of the labels will cease to work when you re-upload your report, so there was quite a bit of manual intervention to make the report pretty again.

I do intend to follow up with a powershell script to help populate Edgesight user groups from active directory. Check back later or follow me on twitter for updates.

I’ve shared this report file below for anyone to use and below you will find the steps to take in order to complete this task.

Note: Ensure you have configured your Access Gateway Web Interfaces to differenciate access gateways connections, I covered this before here:

1: Download the file here from box.net and place it somewhere you can easily access from your browser:

2: Open your browser and login to your edgesight instance:

3: Once logged in, choose the Configure tab:

4: From the left hand menu, Choose Custom Reports:

5: Choose Upload a Report:

6: Browse to your file, then fill in the details as below, Click Upload:

7: Confirm your new report has been uploaded, then click the report to do a test run:

 

Select your Desired values, then click Go:

 

the output show appear as below (account details have been omitted):