Set-ADUserLogonTo PowerShell Module

At work I sometimes have to set account restrictions up on an account to limit the user to only be able to logon to certain PC’s. Usually this is to restrict the account to only being able to logon to certain computer labs. In the past I would accomplish this by opening up ADUC, clicking on the accounts LogonWorkstation dialog box, and then manually entering each computer that the account needs to logon to, often with the computernames being almost identical(the computers were named after the room number they were located in). I got a bit tired of doing this after a few times, so I started to look into setting the field via PowerShell. The Set-ADUser command lets you set the field by using the -LogonWorkstations parameter, but you have to provide a comma separated list with each host you want the account to be able to logon to. I wanted wildcard support! So to fix the problem, I created a PowerShell module that gave me the wildcard support, Set-ADUserLogonTo. In it are two functions, Get-ADUserLogonTo and Set-ADUserLogonTo. Get-ADUserLogonTo can be used to either return which computers the account is restricted to logging into, or just how many computers are in that list. Set-ADUserLogonTo can be used to either set the restrictions on what the account can log into(click here to get some examples as to how the wildcard support works), or just to remove the restrictions, allowing the account to logon anywhere. If you’d like to install it, check out the project’s README on it’s project page here.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s