Below is a script to find any users who have logon hours restricted (i.e. not set to “Allow Any Time”)


Don’t forget to generate an objects.txt by doing a “dsquery –user –l 0 > objects.txt” as per any of my other scripts.


strtextfile = "objects.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strtextfile, 1, False, 0)
On Error Resume Next

strobject = objTextFile.ReadLine
strobject = Mid(strobject,2,Len(strobject)-2)

Set objObject = GetObject("LDAP://" & strObject)
arrLogonHours = objObject.Get("logonHours")
strName = objObject.Get("CN")

If arrLogonHours <> "" Then
‘wscript.echo (strName & " has had Logon Hours defined – checking to see if they have any set currently")

For i = 1 To LenB(arrLogonHours)
    strLogonArray = AscB(MidB(arrLogonHours, i, 1))
arrLogonArray = arrLogonArray & strLogonArray

strMidB = MidB(arrLogonHours, i, 1)

if arrLogonArray <> "255255255255255255255255255255255255255255255255255255255255255" then
WScript.Echo (strName & " has Logon Hours defined – please investigate.")
end if

arrLogonArray = ""

End If

arrLogonHours = ""

Loop Until objtextfile.AtEndOfStream = True

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: