One of our Citrix Technology Professionals asked at Synergy how to use the XenApp/XenDesktop PowerShell SDK to get the list of administrators for a specific object, as is shown in Studio:

Studio screenshot showing administrators for an object

It turns out that due to the flexibility of the delegated administration model used in XenApp/XenDesktop, this information isn’t trivially available from the SDK. In order to help the CTP and anyone else who might find this useful, I’ve put together a little PowerShell script which duplicates the logic used by Studio to populate this information:

# Change the snap-ins being added depending on the object type you're interested in
Add-PsSnapin Citrix.Broker.Admin.V2
Add-PsSnapin Citrix.DelegatedAdmin.Admin.V1

# Change Get-BrokerCatalog here as appropriate for the object type you're interested in
# or remove entirely if you're dealing with an unscoped object type
$scopes = (Get-BrokerCatalog -Name "MyFirstCatalog").Scopes | Select-Object -ExpandProperty ScopeId

# First, get all the permissions which are relevant to this object type
# Change "Catalog" here as appropriate for the object type you're interested in
$permissions = Get-AdminPermission | Where-Object { $_.MetadataMap["Citrix_ObjectType"] -eq "Catalog" } |
 Select-Object -ExpandProperty Id

# Now, get all the roles which include at least one of those permissions
$roles = Get-AdminRole | Where-Object {
 $_.Permissions | Where-Object { $permissions -contains $_ }
} | Select-Object -ExpandProperty Id

# Finally, get all administrators which have a scope/role pair which matches
Get-AdminAdministrator | Where-Object {
 $_.Rights | Where-Object {
 # [guid]::Empty is the GUID for the All scope
 # Remove the next line if you're dealing with an unscoped object type
 ($_.ScopeId -eq [guid]::Empty -or $scopes -contains $_.ScopeId) -and
 $roles -contains $_.RoleId

As written, this script is hard-coded to fetch the information for a machine catalog, but it should be trivial to change for other object types – for instance, for delivery groups, just change “Get-BrokerCatalog” to “Get-BrokerDesktopGroup” and the “Catalog” object type to “DesktopGroup”. Slightly more changes will be required for those objects in XenApp/XenDesktop which are not capable of being put into a scope, for example, App-V server references. For these cases, just drop fetching of the scopes at the start of the script and the line “($_.ScopeId -eq [guid]::Empty -or $scopes -contains $_.ScopeId) -and” near the end of the script. You’ll note at this point, the answer is independent of the actual object chosen, which is correct: for example, all App-V server references are managed by the same set of administrators.

Hope this helps anyone else who’s interested in doing this sort of thing – if you’ve got any questions, or want to see something similar on a different topic, please ask, either in the comments, on the new Citrix Developer Exchange forums, or via e-mail.


This software / sample code is provided to you “AS IS” with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software / sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software / sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software / sample code. In no event should the software / code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE / SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.