Author Posts

February 16, 2018 at 7:51 pm

Running this script returns all of the users with any value populated for the LogOnHours attribute but it ignores the $All_Hours variable as users with that value ARE returned. The goal is to ignore any users who have the LogOnHours set to 24 hour access. Where am I going wrong here? Any help is greatly appreciated.

[byte[]]$All_Hours = @(255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255)

$ADSISearcher = [ADSISearcher]'(objectclass=user)'
$ADSISearcher.SearchRoot = [ADSI]"LDAP://OU=test,DC=test,DC=local"
$ADSISearcher.FindAll()| ForEach-Object {
    $user = [adsi]$_.Properties.adspath[0]
    if ($user.logonHours -ne $null -and $user.logonhours -ne $All_Hours) {
        New-Object -Type PSCustomObject -Property @{
            SamAccountName = $user.sAMAccountName[0]
            LogOnHours     = $user.logonHours

February 17, 2018 at 12:00 am

I was able to accomplish this with the Get-ADUser command. Not sure why I couldn't get it to work the ADSI method.

[byte[]]$All_Hours = @(255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255)
$OUs = "OU=test,DC=test,DC=local", "OU=test2,DC=test2,DC=local"
ForEach ($OU in $OUs) {
    get-ADUser -SearchBase $OU -filter {LogOnHours -ne $All_Hours} -Properties LogOnHours|select SamAccountName, LogOnHours

# Sets the attribute to $null
Set-ADUser $Username -clear "LogOnHours"