Re: Finding Login Hours for user accounts in AD

Hi,

The logonHours attribute is a byte array. Also, the times are saved in UTC
(Coordinated Universal Time, or what used to be called GMT), so you have to
adjust for the time zone bias (saved in the local machine registry). I have
a sample VBScript program to output the logonHours attribute for a specified
user linked here:

http://www.rlmueller.net/Document%20LogonHours.htm

You could use ADO to retrieve the value of the logonHours attribute for all
users. Then, you probably could use the code in the link above to convert
each byte array to an array of bits, then test elements of this array and
output the user name when certain conditions are satisfied. In the program,
arrintLogonHoursBits is the array of logon hours. There is one element of
the array for each hour of the week, from arrintLogonHoursBits(0)
(12:00am-1:00am Sunday, local time) to arrintLogonHoursBits(167)
(11:00pm-12:00pm Saturday). If the value is zero, logon is not allowed, if
the value is 1 logon is allowed. 6:00pm thru 12:00pm Monday would be
arrintLogonHoursBits(42) thru arrintLogonHoursBits(47).

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

"kj" <kj@xxxxxxxxxxx> wrote in message
news:OHeA2UChGHA.3376@xxxxxxxxxxxxxxxxxxxxxxx
Adfind can give you a quick list of accounts with the logon hours set. A
quick glance will probably tell you which accounts are set up
'differently". Unfortunaly the format this is stored in is a little
"cumbersome" to deal without scripting. Perhaps this will suffice;

adfind -b dc=domain,dc=local logonhours

Accounts with logon hours set will display in the format;

logonHours: 0001 0000 0100 0001 0000 0100 0001 0000 0100 0001 00

Each day (24hours) is represented in 6 hex digits. The example above shows
the least signficant hex digit for each day (1am-2am, logon enabled)

Adfind and perhaps a more complete answer from joeware.net forums.

--
/kj
"Dane Newman" <Dane Newman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B8EC4882-B9B3-4BC4-B61D-95FEE5AC07F0@xxxxxxxxxxxxxxxx
Here is our situation.

We have an AD with many accounts and many UO's. Normally user accounts
are
created by copying other user accounts and retain the same properlys.
Reccently we found out that some user accounts have not been created
correctly and do not have the proper login hours attached to there
accounts.
We need a way to track down and search through all user accounts and be
able
to check there login hours based on criteria such as show us all accounts
that can log in after 6 pm ect. Does anyone know a way to do this?




.

Relevant Pages

  • Re: Finding Login Hours for user accounts in AD
    ... The logonHours attribute is a byte array. ... Accounts with logon hours set will display in the format; ... created by copying other user accounts and retain the same properlys. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Array and InputBox Integration ?
    ... I am having a little trouble getting values of an array to number ... themselves in an InputBox for a user to make their choice. ... I am pulling all the local accounts off the machine which will vary ... Sub ListLocalAccounts ...
    (microsoft.public.scripting.wsh)
  • Re: Vlookup with Multiple Criteria
    ... will return an array of true/falses--depending on if A2 is equal ... I have 2 spreadsheets that both contain store numbers and the accounts they ... I usually use the VLOOKUP formula to search for the store numbers in the ...
    (microsoft.public.excel.newusers)
  • Re: Sorting array of hash references
    ... I've got an array of hash-references as following. ... I want to display all the active accounts before ... by preserving the account type order. ...
    (comp.lang.perl.misc)
  • Re: Logon Hours Query?
    ... As Richard indicates, the logonHours attribute is a byte array, due to how it is layed out, there is no way to generate a query for it. ...
    (microsoft.public.windows.server.active_directory)
Loading