Re: Finding Login Hours for user accounts in AD
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Tue, 30 May 2006 15:00:58 -0700
Yeah, what he (Richard) said! ;-)
--
/kj
"Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23$QxDJDhGHA.764@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
The logonHours attribute is a byte array. Also, the times are saved in UTC
(Coordinated Universal Time, or what used to be called GMT), so you have
to adjust for the time zone bias (saved in the local machine registry). I
have a sample VBScript program to output the logonHours attribute for a
specified user linked here:
http://www.rlmueller.net/Document%20LogonHours.htm
You could use ADO to retrieve the value of the logonHours attribute for
all users. Then, you probably could use the code in the link above to
convert each byte array to an array of bits, then test elements of this
array and output the user name when certain conditions are satisfied. In
the program, arrintLogonHoursBits is the array of logon hours. There is
one element of the array for each hour of the week, from
arrintLogonHoursBits(0) (12:00am-1:00am Sunday, local time) to
arrintLogonHoursBits(167) (11:00pm-12:00pm Saturday). If the value is
zero, logon is not allowed, if the value is 1 logon is allowed. 6:00pm
thru 12:00pm Monday would be arrintLogonHoursBits(42) thru
arrintLogonHoursBits(47).
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"kj" <kj@xxxxxxxxxxx> wrote in message
news:OHeA2UChGHA.3376@xxxxxxxxxxxxxxxxxxxxxxx
Adfind can give you a quick list of accounts with the logon hours set. A
quick glance will probably tell you which accounts are set up
'differently". Unfortunaly the format this is stored in is a little
"cumbersome" to deal without scripting. Perhaps this will suffice;
adfind -b dc=domain,dc=local logonhours
Accounts with logon hours set will display in the format;
logonHours: 0001 0000 0100 0001 0000 0100 0001 0000 0100 0001 00
Each day (24hours) is represented in 6 hex digits. The example above
shows the least signficant hex digit for each day (1am-2am, logon
enabled)
Adfind and perhaps a more complete answer from joeware.net forums.
--
/kj
"Dane Newman" <Dane Newman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B8EC4882-B9B3-4BC4-B61D-95FEE5AC07F0@xxxxxxxxxxxxxxxx
Here is our situation.
We have an AD with many accounts and many UO's. Normally user accounts
are
created by copying other user accounts and retain the same properlys.
Reccently we found out that some user accounts have not been created
correctly and do not have the proper login hours attached to there
accounts.
We need a way to track down and search through all user accounts and be
able
to check there login hours based on criteria such as show us all
accounts
that can log in after 6 pm ect. Does anyone know a way to do this?
.
- References:
- Re: Finding Login Hours for user accounts in AD
- From: kj
- Re: Finding Login Hours for user accounts in AD
- From: Richard Mueller
- Re: Finding Login Hours for user accounts in AD
- Prev by Date: Re: Finding Login Hours for user accounts in AD
- Next by Date: Re: Resetting passwords with LDP
- Previous by thread: Re: Finding Login Hours for user accounts in AD
- Next by thread: csvde
- Index(es):
Relevant Pages
|
Loading
