Problem with Powershell New-RDMUser

Hello,

Could you please remove the -CreateSQLLogin switch? This switch is no longer used with the latest RDM version.

You could also try without the -AuthenticationType "Database" as with a SQL data source in RDM, it will automatically set the account as Database authentication.

Let me know if this help to resolve your issue.

Best regards,

Hello,

We have been able to reproduce your issue.

I ticket has been sent to our engineering department. The internal ticket number is RDMW-3296. Once a fix will be available, we will update this topic.

Best regards,

Hello,

The following workaround will work to create a new user account on a MySQL data source. You will have to add the Update-RDMUI cmdlet just before the first RDM cmdlet after importing the RDM PowerShell module to update the local cache file.

Import-Module "${env:ProgramFiles(x86)}\Devolutions\Remote Desktop Manager\RemoteDesktopManager.PowerShellModule.psd1"
Update-RDMUI
$my_secure_password_string = convertto-securestring "userpassword" -asplaintext -force
$user= New-RDMUser -Login "User" -CreateSQLServerLogin -AuthentificationType "Database" -Email "useraccount@mydomain.com" -Password $my_secure_password_string

Best regards,

Good Morning,

thank you for the fast support.

After removing the paramters "CreateSQLServerLogin" and "AuthentificationType" and adding the "Update-RDMUI" cmdlet, i was able to create users.


Best regards

Using a MSQL Database:

It seems like Set-RDMUser (or New-RDMUser with the -SetUser flag) disassociates from the database. I'm trying to create users using the -IntegratedSecurity and -SkipCreateSQLServerLogin and it complains every single time with a popup that it cannot identify the user.

"Cannot find the login 'domain\user', because it does not exist or you do not have permission."

However, it does successfully create it in the user tab.

I've added a "Update-RDMUI" after each call to Set-RDMUser so work around this annoyance. But a root cause would be nice.


Version 2019.1.38.0 64-bit

.NET Runtime: v4.0.30319
.NET Version: 4.7.2 or better

Hello,

Could you please send me the command line that creates the user account?

If you're using the same command line I have posted in my previous message, could you please try it with RDM version 2019.1.41?

Best regards,

New-RDMUser -Login 'domain\user' -IntegratedSecurity -SkipCreateSQLServerLogin -Email "x@y.z" -SetUser

Or

$User = New-RDMUser -Login 'domain\user' -IntegratedSecurity -SkipCreateSQLServerLogin -Email "x@y.z"
Set-RDMUser -User $User




Full process:

Import Module, Check Data Source, Refresh for "fun," ensure user exists in domain, format my user's Login, validate the output



Create the $RDMUser variable with New-RDMUser, Verify an object was created, Attempt to Set-RDMUser

Hit error:



Update-RDMUI again (because I'm no longer connected to the data source for some reason?), attempt to find user object against the data source: it is created successfully.




One thing: we are skipping SQL Server Login creation because we have added an AD Group as a login on the SQL server, for which all RDM users are a member of. I hope it's not trying to check the database for said Server Login.

Hello,

Thank you for the screen captures and the explanation of your issue.

It seems that the account connected to the SQL data source doesn't have enough permissions to create user account in the database. Are you connected with an account that has administrator privileges in RDM? If so, could you please try to connect with a sysadmin account to your SQL data source in RDM, then select the account that is running the PowerShell commands and click on the Fix SQL Login button? That should fix the issue.


About using an AD Group to let users to connect without creating a SQL account, we do not recommend to use this and we do not support that configuration with RDM. There is a more secure method than this one to create accounts only in the RDM SQL database. It's the Custom Login method. You will find more information about it on the following online help page and blog article.
https://help.remotedesktopmanager.com/datasource_sqlserver.htm#general

https://help.remotedesktopmanager.com/administration_usermanagement.htm#general

https://blog.devolutions.net/2019/06/sql-server-with-integrated-security-thats-so-2015


Let me know if you need more information about the Custom Login feature.

Best regards,

I see a custom login as a barrier: won't that require an additional password to authenticate to the RDM application? More information in-depth would be great - the blog and guides do not go into much detail.

I am indeed logging in as an application admin:



But get a similar error, then "Done":




No changes when creating/updating users.

Hello,

Sorry that I didn't ask you the question correctly about administrative privileges. Could you please connect with an account that has higher database privileges and use the Fix SQL Login on your own admin account to grant the right permissions to be able to create other accounts? The following screen capture shows that I am connected with a SysAdmin account.



For the Custom accounts, in fact, you will have to configure the Settings section using a SQL account that has enough privileges on the SQL database (see #1). And the custom account credentials need to be saved in the Username and Password fields of the General tab (see #2).



A method to deploy this configuration is to create a Data Source Configuration file (.RDD) that will already contain the Database login account. The users will only have to import this file and fill in their credentials in the General tab.

Best regards,

Hello,

I attempted the fix against the account as a dbower and sa, but the account still has permission issues, apparently.

Should I open a support ticket instead of the forum?

Hello,

Can you create a user account with the sa account?

You can indeed open a ticket at ticket@devolutions.net and we will send you our online reservation system to book a session to investigate your issue. Normally, using the Fix SQL Login button should help to resolve this problem.

Best regards,