If you’ve locked yourself out of the Citrix DSC, you’ve done the equivalent of locking your keys in the car while it’s running. You may have done this inadvertently as a result of changing domains, or this could have happened because you had a single domain controller in your environment – and it crashed unrecoverable. When you stood up the new domain controller, you were able to create all of the same accounts, but the SID’s are now different – so you’re not going to be able to get into the Citrix discovery services console. You’re locked out and you need a back door – what do you do?
If you’ve simply forgotten what the user account is that was put into the console as a Citrix Administrator, you can query the datastore directly using DSVIEW by following the instructions in CTX112851.
If you are in much worse trouble as mentioned above, there is a process you can follow to insert the local administrator account from the server into the datastore as a valid Citrix administrator account.
1). Install the Microsoft debug kit for Windows on your server.
2). Backup your datastore by running the “DSMAINT BACKUP <path>” command.
** Note ** Run any scripts that edit your Citrix datastore at your OWN RISK. This is not a supported Citrix file!
3). Download and run the latest version of the Citrix Slim Jim script (Below). This script should edit your data store, removing user information from the tables – forcing Xenapp to default to the local administrator account on the server.
Xenapp6-SLIMJIM – Newer Xenapp 6+ version
Slim_Jim – This is the older version, which should work well with previous versions of Citrix
You should notice that the local administrator on the Xenapp server can now log into the console. From there you can remove the old accounts and add the new ones, getting the correct SID added to the data store.