I'm going to abuse the hell out of this thread in the months to come! Well, not really, I can usually find the help I need by using the resources you listed in the OP. But I'm having a hell of a time figuring this one out. I need to get a list of all users in a domain that have the 'Log On To...' option defined in Active Directory. And, if possible, get a list of all of the machines each user is allowed to log on to. Then, preferably with a different script, I need to change everyone back to allowing all users to log onto all computers. I think I'm having such a hard time finding help because when you search for anything with Log On To in the search you get a whole lot of listings for logon scripts and non-relevant logon related information. Any help would be greatly appreciated.
# ¿ Apr 1, 2010 17:55 |
# ¿ Apr 27, 2024 15:04 |
adaz posted:
We don't use logon to around here and as you said searching for it's a bitch. I do what I always do when trying to find an obscure LDAP/AD setting - I set it up on an AD object and bind it to the object in powershell:

Thank you so much for this. I didn't get it to work like this, but it gave me all the information I needed to start digging a little more. A lot of the examples I ended up finding online were using commands like get-qaduser and connect-qadservice. I found out these were from a free snapin by Quest. http://www.quest.com/powershell/activeroles-server.aspx Download and run it. Then you need to add it by using the following command.

code:
code:
___________________________________________
get-qaduser -dontusedefaultincludedproperties -includedproperties 'UserWorkstations' -objectattributes @{'UserWorkstations'='*'} | format-list Name,userWorkstations
___________________________________________

That gave me a list of all users with the variable I was looking for. The -dontusedefaultincludedproperties was just to save processing time. The -includedproperties 'userWorkstations' command is because the default get-qaduser result list doesn't include userWorkstations. The -objectattributes @{'userWorkstations'='*'} switch makes it only return objects that have something defined in userWorkstations.

From there it was a simple task of assigning a variable to that search result and then piping it into the command to empty the userworkstations object.

___________________________________________
$fixitlist = get-qaduser -DontUseDefaultIncludedProperties -includedproperties 'userWorkstations' -objectattributes @{'UserWorkstations'='*'}
___________________________________________
$fixitlist | set-qaduser -objectattributes @{userworkstations=''}
___________________________________________

That did it for me. It changed all of my special snowflakes back to where I wanted them. Thank you so much.

edit: my code snippets were breaking tables, so I removed them. Makes it a little harder to read.

Tont fucked around with this message at 00:21 on Apr 3, 2010
# ¿ Apr 3, 2010 00:16 |
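The same audit-then-reset procedure as an added example, not code from either poster: it assumes Microsoft's ActiveDirectory module (RSAT) instead of the Quest snap-in used above, and it writes a CSV of the existing 'Log On To...' values before clearing them so the restriction can be restored. The function names and the backup file name are hypothetical.

```powershell
# Added example. Assumption: the Microsoft ActiveDirectory module is installed
# (the post above used the Quest snap-in instead).
Import-Module ActiveDirectory

function Get-LogOnToRestriction {
    # Users whose userWorkstations attribute ('Log On To...') holds any value.
    Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties userWorkstations |
        ForEach-Object {
            # The attribute is one comma-separated string of computer names.
            $names = $_.userWorkstations -split ',' | ForEach-Object { $_.Trim() }
            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                DistinguishedName = $_.DistinguishedName
                Workstations      = $names -join ';'
            }
        }
}

function Clear-LogOnToRestriction {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical parameter: where the pre-change values are saved.
        [Parameter(Mandatory)] [string] $BackupPath
    )
    $restricted = @(Get-LogOnToRestriction)
    if ($restricted.Count -eq 0) {
        Write-Verbose 'No users have userWorkstations set.'
        return
    }
    # Always write the backup, even during a -WhatIf dry run.
    $restricted | Export-Csv -Path $BackupPath -NoTypeInformation -WhatIf:$false
    foreach ($user in $restricted) {
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Clear userWorkstations')) {
            # Removing the attribute lets the user log on to all computers again.
            Set-ADUser -Identity $user.DistinguishedName -Clear userWorkstations
        }
    }
}

# Report first, then dry-run the reset; drop -WhatIf to apply it.
Get-LogOnToRestriction | Format-Table SamAccountName, Workstations -AutoSize
Clear-LogOnToRestriction -BackupPath .\logonto-backup.csv -WhatIf
```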