ADSI Exclude Users With 24 Hour Access From Searcher

Welcome Forums General PowerShell Q&A ADSI Exclude Users With 24 Hour Access From Searcher

This topic contains 1 reply, has 1 voice, and was last updated by

 
Participant
9 months ago.

  • Author
    Posts
  • #93871

    Participant
    Points: 1
    Rank: Member

    Running this script returns all of the users with any value populated for the LogOnHours attribute but it ignores the $All_Hours variable as users with that value ARE returned. The goal is to ignore any users who have the LogOnHours set to 24 hour access. Where am I going wrong here? Any help is greatly appreciated.

    [byte[]]$All_Hours = @(255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255)
    
    $ADSISearcher = [ADSISearcher]'(objectclass=user)'
    $ADSISearcher.SearchRoot = [ADSI]"LDAP://OU=test,DC=test,DC=local"
    $ADSISearcher.FindAll()| ForEach-Object {
        $user = [adsi]$_.Properties.adspath[0]
        
        if ($user.logonHours -ne $null -and $user.logonhours -ne $All_Hours) {
            New-Object -Type PSCustomObject -Property @{
                SamAccountName = $user.sAMAccountName[0]
                LogOnHours     = $user.logonHours
            }
        }
    }
    
  • #93898

    Participant
    Points: 1
    Rank: Member

    I was able to accomplish this with the Get-ADUser command. Not sure why I couldn't get it to work the ADSI method.

    [byte[]]$All_Hours = @(255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255)
    $OUs = "OU=test,DC=test,DC=local", "OU=test2,DC=test2,DC=local"
    ForEach ($OU in $OUs) {
        get-ADUser -SearchBase $OU -filter {LogOnHours -ne $All_Hours} -Properties LogOnHours|select SamAccountName, LogOnHours
    }
    
    # Sets the attribute to $null
    Set-ADUser $Username -clear "LogOnHours"
    

The topic ‘ADSI Exclude Users With 24 Hour Access From Searcher’ is closed to new replies.