Understanding Command Line Tool for VMware Horizon (vdmadmin.exe)

A lot of customers ask me how to manage VMware Horizon in some ways which command line should be used to allow this. One common example questions is: How can I select which domains I would like to let customers use to connect to? (In case a company has more than one domain. E.g: CompanyA and CompanyB.

In order to allow that, VMware Horizon has a command line called vdmadmin.exe, which is located into the following path:

C:\Program Files\VMware\VMware View\Server\bin\vdmadmin.exe

To understand what are the options we have to use vdmadmin.exe command line, I wrote this as part of my daily studies around VMware Horizon. I hope this is helpful for you.

All commands below were taken from VMware Docs, where you can check the source information and updated info:

VDM ADMIN COMMAND

Users and Desktop

Update FSP (Foreign Security Principals)

Syntax: -F

Usage: Security principals used by Active Directory in trusted external domains

• Vdmadmin -F
• vdmadmin -F -u DOMAIN\USERNAME

https://docs.vmware.com/en/VMware-Horizon-6/6.2/com.vmware.horizon-view.administration.doc/GUID-6A97C606-EB7B-4159-A24A-0B2D7362B95A.html

Update a Virtual or Physical machine user assignment

Syntax: -L

Usage: Persistent Pool

• vdmadmin -L -d DESKTOP_POOL -m MACHINE-u DOMAIN\USER
• vdmadmin -L -d DESKTOP_POOL -m MACHINE -r
• vdmadmin -L -d DESKTOP_POOL -u CORP\USER -r

Client Authentication Configuration

Syntax: -Q

Usage: Enable / Disable View Connection Server for client authentication

• vdmadmin – Q -enable -server SERVER_NETBIOS
• vdmadmin – Q -enable -requirepassword -server SERVER_NETBIOS
• vdmadmin -Q -disable -server SERVER_NETBIOS

Usage: Set default settings to use when adding client authentication defaults

• vdmadmin -Q -clientauth -setdefaults -group AD_GROUP_NAME [-expirepassword | -noexpirepassword]
• vdmadmin -Q -clientauth -setdefaults -nogroup
• vdmadmin -Q -clientauth -setdefaults -ou “OU_BASE_DN” -domain DOMAIN_FQDN

Usage: Get client authentication defaults

• vdmadmin -Q -clientauth -getdefaults
• vdmadmin -Q -clientauth -getdefaults -xml

Usage: Add client authentication user

• vdmadmin -Q -clientauth -add -clientid CLIENT_ID -domain DOMAIN_FQDN [-ou OU_BASE_DN] [-password MY_PASSWORD] [-genpassword] [-expirepassword] -noexpirepassword] [-group AD_GROUP_NAME] [-nogroup] [-description TEXT]
  • CLIENT_ID = 11:22:33:44:55:66 <MAC ADDRESS>
  • CLIENT_ID = cm-<MAC ADDRESS>
  • CLIENT_ID = custom-<name>
  •  e.g: vdmadmin -Q -clientauth -add -clientid 11:22:33:44:55:66 -domain DOMAIN_FQDN

Usage: Update client authentication user

• vdmadmin -Q -clientauth -update -domain DOMAIN_FQDN -clientid CLIENT_ID [-password MY_PASSWORD] [-genpassword] [-description TEXT]

Usage: Remove client authentication users

• vdmadmin -Q -clientauth -remove -domain DOMAIN_FQDN -clientauth -removeall [-force]

Usage: List client authentication users and server enable/disable settings

• vdmadmin -Q -clientauth -list [-xml]

Show user information Syntax: -U Usage: Get user information

• vdmadmin -U -u DOMAIN\USERNAME
• vdmadmin -U -u DOMAIN\USERNAME -xml

Agents and Machines

Fetch or set agent information

Syntax: -A

• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -list [-n | -w] [-xml] 
  • -n = nonunicode
  • -w = unicode
  • List agent log files
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -getlogfile name -outfile path
  • Save agent log in to local file
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -getDCT -outfile path
  • Create and save agent DCT bundle
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -getversion [-n | -w] [-xml]
  • Get agent version
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -getstatus [-n | -w] [-xml]
  • Get agent status
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -getloglevel [-n | -w] [-xml]
  • Get log level
• vdmadmin -A -d DSKTOP_POOL -m MACHINE_NETBIOS -setloglevel level
  • {trace | debug | normal}
  • Set agent logging level
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -override -I addr
  • Set IP/DNS override (??)
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -override -list [-n | -w] [-xml]
  • List IP/DNS override
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -reset-key
  • Reset the agent pairing key for the machine
• vdmadmin -A -d DESKTOP_POOL -override -removeall
  • Remove IP/DNS overrides on a pool
• vdmadmin -A -d DESKTOP_POOL -m MACHINE_NETBIOS -override -r
  • Remove IP/DNS override

Machine information and administration

Syntax: -M

• vdmadmin -M -m MACHINE_NETBIOS [-n | -w] [-csv | xml]
  • Show machine information
  • Sample:

• Show machine information (by user)
  • vdmadmin -M -d DESKTOP_POOL -u DOMAIN\USERNAME  [-n | -w] [-csv | xml]
• Mark a machine for space reclamation
  • vdmadmin -M -d DESKTOP_POOL -m MACHINE_NETBIOS -markForSpaceReclamation

Show assigned machines that are unentitled

Syntax: -O

Parameters: 

• -b| -bind {username domain | username@domain | domain\username}
  • Specify credentials
• -ld | -bydesktop
  • List by desktop
• -lu | -byuser
  • List by user
• -n | -nonunicode
  • Use non-unicode output
• -w | -unicode
  • Use unicode for output
• -xml
  • Produce output in XML format
• -noxslt
  • Do not include xslt in xml output
• -xsltpath path
  • Use specified xslt in xml format

Command Syntax: 

• vdmadmin -O [-ld | -lu] [-n | -w] [-xml] [-xsltpath path | -no xslt]
  • Show unentitled machines

Show user policies for unentitled machines

Syntax: -P

Parameters: 

• -b| -bind {username domain | username@domain | domain\username}
  • Specify credentials
• -ld | -bydesktop
  • List by desktop
• -lu | -byuser
  • List by user
• -n | -nonunicode
  • Use non-unicode output
• -w | -unicode
  • Use unicode for output
• -xml
  • Produce output in XML format
• -noxslt
  • Do not include xslt in xml output
• -xsltpath path
  • Use specified xslt in xml format

Command Syntax:

• vdmadmin -P  [-ld | -lu] [-n | -w] [-xml] [-xsltpath path | -no xslt]
  • Show unentitled policies

Connection Servers and Infrastructure

Set cluster name for connection servers group or display GUID

Syntax: -C

Parameters:

• -b | – bind {username domain | username@domain | domain\username}
  • Specify credentials
• -c | -cluster name
  • Name of the Cluster

Command Syntax:

• vdmadmin -C -c MYConnectionServerClusterName
  • Set the Cluster Name
• vdmadmin -C
  • Show broker GUID

Show health information

Syntax: -H

Parameters: 

• -b| -bind {username domain | username@domain | domain\username}
  • Specify credentials
• -monitorid monitor
  • Name of a health monitor
• – instanceid instance
  • Name of a monitor instance
• -list
  • Output a list
• -n | -nonunicode
  • Use non-unicode output
• -w | -unicode
  • Use unicode for output
• -xml
  • Produce output in XML format

Commands Syntax:

• vdmadmin -H [-monitorid monitor] -list [-n | -w] -xml
  • List health monitors os instances
• vdmadmin -H -monitorid monitor -instanceid instance [-n | -w] -xml
  • Show health for a monitor instance
• vdmadmin -H -list -xml

• vdmadmin -H -monitorid DomainMonitor -xml -n

Logging and Reporting

Syntax: -I

Parameters:

• b| -bind {username domain | username@domain | domain\username}
  • Specify credentials
• -list
  • Output a list
• -report type
  • Specify report type
• -view name
  • The name of a report view
• -Startdate YYYY-MM-DD-HH:mm:ss
  • A start date
• -Enddate YYY-MM-DD-HH:mm:ss
  • An end date
• -n | -nonunicode
  • Use non-unicode output
• -w | -unicode
  • Use unicode for output
• -csv
  • Product output in CSV format
• -xml
  • Produce output in XML format

Commands Syntax:

• vdmadmin -I  -list [-n | -w] [-xml]
  • List available reports and views 

• vdmadmin -I -report type -view view [-startdate DATE] [-enddate DATE] [-n | -w] [-csv | -xml]
  • Output reports

• vdmadmin -I -eventSyslog -disable
  • Disable syslog
• vdmadmin -I -eventSyslog -enable – localOnly
  
  • Enable local only syslog
• vdmadmin -I -eventSyslog -enable -path PATH -user DOMAIN\USER -password PASSWORD
  • Enable syslog with username and password
• vdmadmin -I -timingProfiler -enable [-s CONNECTION_SERVER]
  • Enable syslog profiler events for specified server or this server if omitted
• vdmadmin -I -timingProfiler -disable [-s CONNECTION_SERVER]
  • Disable timing profiler events for specified server or this server if omitted

Network and domain configuration

Syntax: -N

Parameters:

• b| -bind {username domain | username@domain | domain\username}
  • Specify credentials
• -s | -server NETBIOS_NAME
  • Computer name of a Connection Server
• -include
  • Include item or entry
• -Exclude
  • Exclude item or entry
• -search
  • Search or set search configuration
• -add
  • Add item or entry
• -r | -remove
  • Remove item or entry
• -removeall
  • Remove all items / entries
• -domain name
  • Specify domain
• -domains
  • Manage domain configuration
• -list
  • Output a list
• -active
  • Currently active information
• -n | -nonunicode
  • Use non-unicode output
• -w | -unicode
  • Use unicode for output
• -xml
  • Produce output in XML format

Commands Syntax: 

•     vdmadmin -N -domains [-s CONNECTION_SERVER] {-include | exclude | -search} {-add | -remove | -removeall} [-domain DOMAIN]

• Set broker domain configuration <EXCLUDE takes precedence>

• vdmadmin -N -domains -list [-n | -w] [-xml]
  • Get full domain configuration

Manage a Connection Server entry

Syntax: -S

Parameters:

• b| -bind {username domain | username@domain | domain\username}
  • Specify credentials
• -s | -server NETBIOS_NAME
  • Computer name of a Connection Server
• -r | -remove
  • Remove item or entry

Command Syntax: 

• vdmadmin -S -s CONNECTION_SERVER -r
  • Remove connection server entry

Note: This configuration removes Connection Server from ADAM Database.

Domain authentication configuration

Syntax: -T

Parameters:

• -domainauth
  • Domain authentication configuration
• -add
  • Add item or entry
• -update
  • Update an existing Client authentication user
• -r | -remove
  • Remove an item or entry
• -removeall
  • Remove all item / entries
• -list
  • Output a list
• -owner DOMAIN\USERNAME
  • The name of an owner
• -password PASSWORD
  • Password to be stored for client authentication, or in conjunction with username parameter. Use ‘*’ to be prompted
• -u | -user DOMAIN\USERNAME
  • The name of a user

Commands Syntax: 

• vdmadmin -T -domainauth -add -owner BROKER\ADMIN -user USERS\MYUSER -password PASSWORD
  • Add domain authentication user
• vdmadmin -T -domainauth -update  -owner BROKER\ADMIN -user USERS\MYUSER -password PASSWORD
  • Update domain authentication user
• vdmadmin -T -domainauth -remove  -owner BROKER\ADMIN -user USERS\MYUSER
  • Remove domain authentication user
• vdmadmin -T -domainauth -removeall  -owner BROKER\ADMIN
  • Remove all domain authentication users
• vdmadmin -T -domainauth -list  -owner BROKER\ADMIN
  • List domain authentication users

LDAP utilities

Syntax: -X

Parameters:

• -collisions
  • Show / Resolve LDAP collision entries
• -schemacollisions
  • Show/Resolve LDAP schema collision entries
• -resolve
  • Resolve LDAP inconsistencies
• -global
  • Use global LDAP instance
• -lpinfo
  • Linked POD info
• -s | -server CONNECTION_SERVER
  • Computer name of a Connection Server
• -pod
  • POD name
• -force
  • Perform an operation unconditionally
• -u | -user DOMAIN\USERNAME
  • The name of a user
• -password PASSWORD
  • Password to be stored for client authentication, or in conjunction with username parameter. Use ‘*’ to be prompted
• -xml
  • Produce output in XML forma

Commands Syntax: 

• vdmadmin -X -collisions [-resolve]
  • Shoe/resolve LDAP collision entries
• vdmadmin -X -schemacollisions [-resolve] [-global]
  • Show/resolve LDAP schema collision entries
• vdmadmin -X -lpinfo [-xml] 
  • Linked POD info