Turotial on how to deploy Windows 2016 RDS with PowerShell in a Single Server
Updated based on Windows 2019 RDS Server
| Server Name |
IP Address |
Functionality |
| DEV-AD01.AVENTIS.DEV |
10.10.10.30/24 |
AD Domain Controller |
| DEV-RDS01.AVENTIS.DEV |
10.10.10.31/24 |
RD Licensing, Session Host & Connection Broker |
| DEV-RDSGW.AVENTIS.DEV |
10.10.10.32/24 |
RD Web & Gateway |
The New-RDSessionDeployment cmdlet installs role services required for the Virtual Desktop Infrastructure (VDI) to create a Remote Desktop Services (RDS) session-based Remote Desktop deployment
Enable all RDS Roles from DEV-AD01 Server
Import-Module RemoteDesktop
$RDS01 = "dev-rds01.aventis.dev"
$RDSGW = "dev-rdsgw.aventis.dev"
# Install RD Connection Broker & Session Host
New-RDSessionDeployment -ConnectionBroker $RDS01 -SessionHost $RDS01 -Verbose
# Add RD Web & Gateway to RD Session Deployment
Add-RDServer -Server $RDSGW -Role RDS-WEB-ACCESS -ConnectionBroker $RDS01
Add-RDServer -Server $RDSGW -Role RDS-GATEWAY -ConnectionBroker $RDS01 -GatewayExternalFqdn "rds.aventis.dev"
Do NOT run the PowerShell above on DEV-RDS01 or DEV-RDSGW, run it on DEV-AD01
DEV-RDS01 & DEV-RDSGW will be rebooted automatically once all RDS Roles are installed successfully
RDS Licensing Server (Optional)
Login to DEV-RDS01 to enable RDS Licensing Role
Add-WindowsFeature -Name RDS-Licensing, RDS-Licensing-UI
Change the RDS License Mode to Per User Mode, and point local RDS Server to local Licensing Server
Set-RDLicenseConfiguration -Mode PerUser -LicenseServer $RDS01
Get-RDLicenseConfiguration
Mode LicenseServer
---- -------------
PerUser {DEV-RDS01.AVENTIS.DEV}
Add the Licensing Server into Deployment
Add-RDServer -Server $RDS01 -Role RDS-LICENSING -ConnectionBroker $RDS01
Activate RD Licensing Server
Set-Location RDS:
# Navigate to the RD License Server configuration cd RDS:\LicenseServer\Configuration
# Config required info fields for the activation process Set-Item –Path .\FirstName -Value AVENTIS
Set-Item –Path .\LastName -Value DEV
Set-Item -Path .\Company -Value AVENTIS
Set-Item -Path .\CountryRegion -Value "MALAYSIA"
# Optional info can be configured with the following lines Set-Item -Path .\eMail -Value [email protected]
Set-Item -Path .\OrgUnit –Value AVENTIS
Set-Item -Path .\Address –Value AVENTIS
Set-Item -Path .\City –Value PUCHONG
Set-Item -Path .\State –Value SELANGOR
Set-Item -Path .\PostalCode –Value 47100
# Navigate to the RD License Server configuration
cd RDS:\LicenseServer
# Activate the RD License Server
Set-Item –Path .\ActivationStatus -Value 1 -ConnectionMethod AUTO -Reason 5
Add DEV-RDS01 to Terminal Server License Servers Group in DEV-AD01
# Run in AD
Add-ADGroupMember "Terminal Server License Servers" -Members "dev-rds01$"
SSL Certificate for RDS Roles
Set all RDS Roles to use the Let’s Encrypt Wildcard SSL Certificate
$Path = "C:\Temp\Lets-AventisDev.pfx" $Password = ConvertTo-SecureString -String "[email protected][email protected]#$" -AsPlainText -Force
Set-RDCertificate -Role RDGateway -ImportPath $Path -Password $Password -ConnectionBroker $RDS01 -Force
Set-RDCertificate -Role RDWebAccess -ImportPath $Path -Password $Password -ConnectionBroker $RDS01 -Force
Set-RDCertificate -Role RDPublishing -ImportPath $Path -Password $Password -ConnectionBroker $RDS01 -Force
Set-RDCertificate -Role RDRedirector -ImportPath $Path -Password $Password -ConnectionBroker $RDS01 -Force
Verify the SSL Certificate are configured properly
Get-RDCertificate
Role Level ExpiresOn IssuedTo
---- ----- --------- --------
RDRedirector Trusted 03/14/2021 13:44:41 CN=*.aventis.dev
RDPublishing Trusted 03/14/2021 13:44:41 CN=*.aventis.dev
RDWebAccess Trusted 03/14/2021 13:44:41 CN=*.aventis.dev
RDGateway Trusted 03/14/2021 13:44:41 CN=*.aventis.dev
Session Collection
A Session Collection holds the apps and desktops you want to make available to users. pooled desktop sessions or personal desktop sessions can be configured
Create a Session Collection called UAT
$CollectionName = "UAT"
New-RDSessionCollection –CollectionName $CollectionName –SessionHost $RDS01 –ConnectionBroker $RDS01 –CollectionDescription “UAT for Session Host”
Allow the Domain Administrator to access the new Session Collection. Domain Users is included by default.
$UserGroup [email protected]("AVENTIS\Domain Users","AVENTIS\Administrator")
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName -UserGroup $UserGroup
Please refer to Microsoft Docs for detail configuration available with PowerShell
Publish Application
Install Microsoft Edge on DEV-RDS01 and publish it
$Edge = Get-RDAvailableApp -CollectionName $CollectionName | ? DisplayName -like "Microsoft Edge"
Publish Microsoft Edge
New-RDRemoteapp -Alias $Edge.DisplayName -DisplayName $Edge.DisplayName -FilePath $Edge.FilePath `
-ShowInWebAccess 1 -CollectionName $CollectionName -ConnectionBroker $RDS01
Login to https://rds.aventis.dev with AVENTIS\USERNAME to verify Microsoft Edge is published and can be launched successfully
Update the PowerShellGet Module
Install-Module -Name PowerShellGet -Force
Close the existing PowerShell Console and reopen it, otherwise the module may not work
Install RD Web Client Management Module
Install-Module -Name RDWebClientManagement
Download the latest version of RD Web Client
Install-RDWebClientPackage
Link the SSL Certificate used for RD Connection Broker
$Password = ConvertTo-SecureString -String "[email protected][email protected]#$" -AsPlainText -Force
Import-RDWebClientBrokerCert -Path C:\Temp\Lets-AventisDev.pfx -Password $Password
Publish RD Web Client
Publish-RDWebClientPackage -Type Production -Latest
Ignore the warning mention that per-device CALs are not supported if Pre-User CALs is used.
Configure HTTP Redirect for the Default Web Site to /RDWeb in RDS Server
User can login to RD Web Client via https://rds.aventis.dev now
Ensure that all RDS Servers are added to Server Manager
SSL Certificate Binding in IIS
Bind the Let’s Encrypt SSL Wildcard Certificate in IIS using PowerShell
Import-Module webadministration
Get-Website -Name 'Default Web Site'
Get-WebBinding -Name 'Default Web Site'
(Get-Website -Name 'Default Web Site').bindings.Collection
$cert = Get-ChildItem cert:\localmachine\my | ? Subject -EQ "CN=*.aventis.dev"
$bindingInfo = "IIS:\SSLBindings\*!443"
$cert | Set-Item -Path $bindingInfo
Dieser Artikel wurde möglicherweise automatisch übersetzt. Wenn Sie eine Rückmeldung bezüglich dessen Qualität geben möchten, teilen Sie uns diese über das Formular unten auf dieser Seite mit.
Führen Sie die folgenden Schritte aus, um die RDS-Rolle auf einem Server zu installieren, auf dem Windows Server Core ausgeführt wird. 1. Geben Sie Start PowerShell in das Eingabeaufforderungsfenster ein und starten Sie so Windows PowerShell. 2. Geben Sie Install-WindowsFeature Remote-Desktop-Services ein und drücken Sie die Eingabetaste , um die RDS-Rolle zu installieren. Weitere Informationen: Diese Informationen gelten für Windows Server 2012 und Windows Server 2012 R2. Die folgenden RDS-Rollendienste können mit Windows PowerShell installiert werden. - Remotedesktop-Verbindungsbroker
- Gateway für Remotedesktop
- Remotedesktoplizenzierung
- Remotedesktop-Sitzungshost
- Host für Remotedesktopvirtualisierung
- Remotedesktop-Webzugriff
Die folgenden Windows PowerShell-Cmdlets sind für die Verwaltung der RDS-Rolle auf einem Server verfügbar, auf dem Windows Server Core ausgeführt wird. Add-RDServer - Adds a server to a remote desktop deployment.
Add-RDSessionHost - Adds one or more Remote Desktop Session Host (RD Session Host) servers to a session collection.
Add-RDVirtualDesktopToCollection - Adds one or more virtual desktops to an existing virtual desktop collection.
Disable-RDVirtualDesktopADMachineAccountReuse - Prevents the Remote Desktop Connection Broker (RD Connection Broker) server from reusing existing Active Directory (AD) computer accounts when creating new virtual machines from a template in a managed virtual desktop collection.
Disconnect-RDUser - Disconnects a specified user from a session running on the remote server.
Enable-RDVirtualDesktopADMachineAccountReuse - Configures the RD Connection Broker server to reuse existing AD computer accounts for pooled virtual desktops created from a template in a managed collection.
Export-RDPersonalVirtualDesktopAssignment - Saves the current associations between users and personal virtual personal desktops to a delimited text file.
Get-RDAvailableApp - Gets a list of applications that can be published from the collection specified in the Collection Name parameter.
Get-RDCertificate - Gets the certificate associated with a RDS role.
Get-RDConnectionBrokerHighAvailability Retrieves the high availability settings for the RD Connection Broker server.
Get-RDDeploymentGatewayConfiguration Gets configuration settings for the Remote Desktop Gateway (RD Gateway) for the remote desktop deployment.
Get-RDFileTypeAssociation Displays the file extensions associated with a given RemoteApp program.
Get-RDLicenseConfiguration Gets the current settings for the RD Licensing server and licensing mode of the remote desktop deployment.
Get-RDPersonalVirtualDesktopAssignment Gets a list of personal virtual desktops and associated user accounts.
Get-RDPersonalVirtualDesktopPatchSchedule Gets patch schedule details for the specified personal virtual desktop.
Get-RDRemoteApp Gets a list of RemoteApp programs for a given collection or for the remote desktop deployment.
Get-RDRemoteDesktop Gets a list of published remote desktops in the collection.
Get-RDServer Gets a list of servers in a remote desktop deployment.
Get-RDSessionCollection Gets a list of session collections in the remote desktop deployment.
Get-RDSessionCollectionConfiguration Gets configuration details for the specified session collection.
Get-RDSessionHost Gets a list of RD Session Host servers in a session collection.
Get-RDUserSession Gets a list of all user sessions in a collection, or in the remote desktop deployment.
Get-RDVirtualDesktop Gets a list of virtual desktops in the remote desktop deployment.
Get-RDVirtualDesktopCollection Gets a list of existing virtual desktops in a remote desktop deployment.
Get-RDVirtualDesktopCollectionConfiguration Gets configuration details for the specified virtual desktop collection.
Get-RDVirtualDesktopCollectionJobStatus Gets status information for the job run most recently on the specified virtual desktop collection.
Get-RDVirtualDesktopConcurrency Gets the number of virtual desktops that can be created in parallel on the specified Remote Desktop Virtualization Host (RD Virtualization Host) servers.
Get-RDVirtualDesktopIdleCount - Gets the number of idle virtual desktops on hosts.
Get-RDVirtualDesktopTemplateExportPath Gets the export path setting of the virtual desktop template used for the virtual machine based desktop deployment.
Get-RDWorkspace Gets the workspace name for a remote desktop deployment.
Grant-RDOUAccess Grants access to the Remote Desktop RD Connection Broker server for one or more organizational units (OUs) in a given domain of the Active Directory Domain Services (AD DS) server.
Import-RDPersonalVirtualDesktopAssignment Creates associations between user accounts and personal virtual desktops by importing the settings specified in a delimited text file.
Invoke-RDUserLogoff Ends the specified session, closing all running applications.
Move-RDVirtualDesktop Moves a virtual desktop to a new RD Virtualization Host server.
New-RDCertificate Creates a new certificate for a Remote Desktop Services role.
New-RDPersonalVirtualDesktopPatchSchedule Creates a new patch schedule for a personal virtual desktop.
New-RDRemoteApp Publishes a RemoteApp program to the remote desktop deployment.
New-RDSessionCollection Creates a new session collection from the specified RD Session Host servers.
New-RDSessionDeployment Installs the required role services for a Virtual Desktop Infrastructure (VDI) to create a Remote Desktop Services session-based desktop deployment.
New-RDVirtualDesktopCollection Creates a new virtual desktop collection.
New-RDVirtualDesktopDeployment Installs required role services for Virtual Desktop Infrastructure (VDI) to create a virtual machine-based desktop deployment.
Remove-RDPersonalVirtualDesktopAssignment Removes the association between a personal virtual desktop and a user.
Remove-RDPersonalVirtualDesktopPatchSchedule Deletes an existing patch schedule from the specified personal virtual desktop.
Remove-RDRemoteApp Removes a RemoteApp program from a remote desktop deployment.
Remove-RDServer Removes the specified server from a remote desktop deployment.
Remove-RDSessionCollection Removes a session collection from the remote desktop deployment.
Remove-RDSessionHost Removes one or more RD Session Host servers from a session collection.
Remove-RDVirtualDesktopCollection Deletes the specified virtual desktop collection from a remote desktop deployment.
Remove-RDVirtualDesktopFromCollection Removes a virtual desktop from the specified virtual desktop collection.
Send-RDUserMessage Sends a system message to the specified user session.
Set-RDActiveManagementServer Sets the active RD Connection Broker server, or management server, in a remote desktop deployment.
Set-RDCertificate Specifies configuration details of a certificate for use with a Remote Desktop Services role.
Set-RDClientAccessName - Sets a DNS name that clients use to connect to a Remote Desktop deployment.
Set-RDConnectionBrokerHighAvailability Specifies high availability settings for the RD Connection Broker server.
Set-RDDatabaseConnectionString Configures the database connection string to the SQL Server database that you have set up for high availability.
Set-RDDeploymentGatewayConfiguration Specifies settings for the Remote Desktop Gateway (RD Gateway) server for the remote desktop deployment.
Set-RDFileTypeAssociation Modifies the file type association of a RemoteApp program in the remote desktop deployment.
Set-RDLicenseConfiguration Specifies settings for the Remote Desktop Licensing (RD Licensing) server and licensing mode of the remote desktop deployment.
Set-RDPersonalVirtualDesktopAssignment Creates an association between a personal virtual desktop and a user account.
Set-RDPersonalVirtualDesktopPatchSchedule Configures patch schedule settings for a personal virtual desktop with an existing patch schedule.
Set-RDRemoteApp Specifies configuration details for a RemoteApp program running in the remote desktop deployment.
Set-RDRemoteDesktop Publishes a remote desktop to the specified collection.
Set-RDSessionCollectionConfiguration Specifies configuration options for an existing session collection.
Set-RDSessionHost Configures one or more RD Session Host servers in a session collection.
Set-RDVirtualDesktopCollectionConfiguration Specifies configuration details for an existing virtual desktop collection.
Set-RDVirtualDesktopConcurrency Specifies the number of virtual desktops that can be created in parallel on the specified RD Virtualization Host servers.
Set-RDVirtualDesktopIdleCount - Sets the maximum number of idle virtual desktops on host servers.
Set-RDVirtualDesktopTemplateExportPath Configures the path to use when exporting the virtual desktop templates for the virtual machine-based desktop deployment.
Set-RDWorkspace Assigns a workspace name for a remote desktop deployment.
Stop-RDVirtualDesktopCollectionJob Forcibly ends a job that is currently running, or is scheduled to run, on the specified virtual desktop collection.
Test-RDOUAccess Verifies that the RD Connection Broker server has access to the Active Directory Domain Services (AD DS) organizational unit (OU).
Test-RDVirtualDesktopADMachineAccountReuse Detects whether the RD Connection Broker server is configured to reuse existing Active Directory (AD) computer accounts when creating new virtual machines from a template in a managed virtual desktop collection.
Update-RDVirtualDesktopCollection Associates an existing virtual desktop collection with a new virtual desktop template.
Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2 Wenn nicht anders angegeben, sind alle Felder Pflichtfelder. Vielen Dank für Ihr Feedback. Derzeit ist kein Zugriff auf das Feedbacksystem möglich. Bitte versuchen Sie es später erneut. Die folgenden Sonderzeichen dürfen in Kommentaren nicht verwendet werden: <>()\
| 
