Share via

Powershell Script - Disable user account after login hours expires

Diogo Mello 1 Reputation point
2021-02-23T20:42:14.207+00:00

Hi guys,

I looking for a powershell script that disable AD User Account after Login Hours expires!!!
The idea is configure a task to run this script each 5 minutes.

Any idea?? is it possible to do that?

Thanks.

Diogo

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-02-24T07:40:38.193+00:00

    Hi,

    The Logon Hours is stored in the logonHours attribute but it's somewhat difficult to decode. The link below could be helpful to understand it.

    https://social.technet.microsoft.com/Forums/en-US/545552d4-8daf-4dd8-8291-6f088f35c2a4/how-is-the-logon-hours-attribute-set-in-active-directory-windows-server-2008-r2-?forum=winserverDS

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

    0 comments
  2. Rich Matheisen 48,116 Reputation points
    2021-02-23T22:37:36.7+00:00

    Is it possible? Yes, it is. disabling an AD user is easy (use Disable-ADAccount). But getting at the logonhours data is a bit harder. It's an array of binary values, with one entry for each day of the week.

    See this link and you'll find a nice function that returns a PSObject: 2289042-logon-hours-reporting

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.