[Feature request]: Option to only start the Citrix Desktop Service after the server has been joined to Azure AD #387

bschurm opened this issue Feb 5, 2024 · 0 comments

Comments

@bschurm
Copy link

bschurm commented Feb 5, 2024

Is your feature request related to a problem? Please describe.

We are looking into joining our Citrix Servers to Azure AD at boot.
We use PVS. We notice that it sometimes takes 2 hours until the servers are joined to Azure AD. Normally it is around 1 hour.

We do not want to take the servers online yet if the join is not done, because of single sign on functionality issues.

Describe the solution you'd like

Option to select via GPO to keep the Citrix Desktop Service disabled until the server has been joined to Azure AD after boot.
And add an option to enable or disable the Citrix Desktop Service if the join failed after a specified timeout.
Would be nice to set a timeout for the script to keep checking if the server is joined to Azure AD. If not joined after the timeout, an option to keep the Citrix Desktop Service disabled or enabled, and send mail if chosen not to enable the service when not joined to Azure AD.

Describe alternatives you've considered

Schedule a custom script via our automation tool, but we would like to do it via BIS-F.
I added a custom script to the personalization phase, but the script does not keep running after the personalization script ends.

The custom script keeps checking every 5 minutes if the Azure AD join has occurred by checking event ID 105 in the User Device Registration event log.

Script:

```powershell
# Record script start time
$scriptStartTime = Get-Date

# Calculate 2 hours and 10 minutes timeframe (the deadline for the join to appear)
$endTime = $scriptStartTime.AddHours(2).AddMinutes(10)

# Define email settings
$smtpServer = ""
$fromAddress = ""
$toAddress = ""
$subject = "Citrix Azure AD Join on Server [$env:COMPUTERNAME]"

# Disable Citrix Desktop Service initially
Write-Host "Disabling Citrix Desktop Service temporarily..."
Stop-Service "BrokerAgent" -Force
Set-Service "BrokerAgent" -StartupType Disabled

do {
    # Check for an Azure AD join event (ID 105) with a timestamp after script start
    $isAzureADJoined = @(
        Get-WinEvent -LogName "Microsoft-Windows-User Device Registration/Admin" -ErrorAction SilentlyContinue |
            Where-Object {
                $_.Id -eq 105 -and
                $_.TimeCreated -ge $scriptStartTime
            }
    ).Count -gt 0

    # Enable Citrix Desktop Service if Azure AD joined and time limit not reached.
    # Compare the current time with the deadline; the fixed start time would never advance.
    if ($isAzureADJoined -and (Get-Date) -lt $endTime) {
        Write-Host "Server is joined to Azure AD. Enabling Citrix Desktop Service..."

        # Enable Citrix Desktop Service
        Set-Service "BrokerAgent" -StartupType Automatic -Status Running

        Write-Host "Citrix Desktop Service enabled successfully."

        # Exit the loop as device is joined and service enabled
        break
    } else {
        Write-Host "Server is not yet joined to Azure AD. Checking again in 5 minutes..."
        Start-Sleep -Seconds 300
    }

} while ((Get-Date) -lt $endTime)

# If timed out without joining Azure AD, send email notification
if ($isAzureADJoined -eq $false) {
    Write-Host "Server did not join Azure AD within 2 hours and 10 minutes. Citrix Desktop Service remains disabled."

    # Build email body
    $body = "Server [$env:COMPUTERNAME] did not join Azure AD within the specified timeframe of 2 hours and 10 minutes. Citrix Desktop Service remains disabled."

    # Send email notification
    Send-MailMessage -SmtpServer $smtpServer -From $fromAddress -To $toAddress -Subject $subject -Body $body
}
```

Screenshots

No response

Additional context

No response
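As an added example (not the issue author's script and not part of BIS-F), the same gate written as reusable functions. It checks the join state two ways: the event 105 signal the author uses, and the `AzureAdJoined` line of `dsregcmd /status`, which reflects the device's actual state rather than log retention. The deadline is compared against the current time on every pass, and the timeout behaviour (leave disabled, or enable anyway) is a parameter. The service name `BrokerAgent`, the 2h10m timeout, the 5-minute poll interval and the sample `dsregcmd` text are assumptions taken from or constructed for this illustration; the script must run elevated to change service state.

```powershell
# Added example, not from the issue or from BIS-F. Assumes: elevated session,
# dsregcmd.exe present (Windows 10 / Server 2016 and later), service name
# 'BrokerAgent' (Citrix Desktop Service), illustrative timeout and poll values.

function Test-AzureAdJoined {
    # Parse "dsregcmd /status"; the "AzureAdJoined : YES" line is the device-state
    # signal. $StatusText can be supplied to test the parser offline.
    param([string[]]$StatusText = (& dsregcmd.exe /status))
    foreach ($line in $StatusText) {
        if ($line -match '^\s*AzureAdJoined\s*:\s*(YES|NO)\s*$') {
            return ($Matches[1] -eq 'YES')
        }
    }
    return $false
}

function Test-JoinEventSince {
    # Secondary signal: event 105 in the User Device Registration/Admin log
    # written after $Since (the approach used in the issue's script).
    param([datetime]$Since)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-User Device Registration/Admin'
        Id        = 105
        StartTime = $Since
    } -ErrorAction SilentlyContinue
    return (@($events).Count -gt 0)
}

function Wait-AzureAdJoinThenEnable {
    param(
        [string]$ServiceName = 'BrokerAgent',                       # assumed service name
        [timespan]$Timeout   = (New-TimeSpan -Hours 2 -Minutes 10), # illustrative
        [int]$PollSeconds    = 300,                                 # illustrative
        [switch]$EnableOnTimeout
    )
    $start    = Get-Date
    $deadline = $start + $Timeout

    # Keep the broker offline until the join is confirmed.
    Stop-Service -Name $ServiceName -Force
    Set-Service  -Name $ServiceName -StartupType Disabled

    do {
        if ((Test-AzureAdJoined) -or (Test-JoinEventSince -Since $start)) {
            Set-Service   -Name $ServiceName -StartupType Automatic
            Start-Service -Name $ServiceName
            return 'Joined'
        }
        # Evaluate the deadline against the *current* time on every iteration.
        if ((Get-Date) -ge $deadline) { break }
        Start-Sleep -Seconds $PollSeconds
    } while ($true)

    if ($EnableOnTimeout) {
        Set-Service   -Name $ServiceName -StartupType Automatic
        Start-Service -Name $ServiceName
        return 'TimedOut-Enabled'
    }
    return 'TimedOut-Disabled'
}

# Constructed sample of dsregcmd /status output, for checking the parser offline.
$sampleStatus = @(
    '+----------------------------------------------------------------------+',
    '| Device State                                                         |',
    '+----------------------------------------------------------------------+',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES'
)
Test-AzureAdJoined -StatusText $sampleStatus

# Real run: leave the service disabled on timeout and act on the result.
# $result = Wait-AzureAdJoinThenEnable
# if ($result -eq 'TimedOut-Disabled') { <# send the notification mail here #> }
```

Because `Wait-AzureAdJoinThenEnable` returns a status string instead of sending mail itself, the caller decides what to do on timeout; the `-EnableOnTimeout` switch covers the "enable anyway after the timeout" option requested in the issue. Note that `AzureAdJoined : YES` is also reported for hybrid-joined devices, so if only a pure Azure AD join should count, check the `EnterpriseJoined` and `DomainJoined` lines as well.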
