windows account logon hours windows域账号不可登录
# deny logon at all times
$user = [ADSI]"LDAP://cn=Joe Bloggs,ou=Test,dc=Manticore,dc=org"
[byte[]]$hours = @(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
$user.logonhours[0] = $hours
$user.setinfo()
## allow logon at all times
$user = [ADSI]"LDAP://cn=Joe Bloggs,ou=Test,dc=Manticore,dc=org"
[byte[]]$hours2 = @(255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255)
$user.logonhours[0] = $hours2
$user.setinfo()
## allow logon 8am – 6pm Monday to Friday
$user = [ADSI]"LDAP://cn=Joe Bloggs,ou=Test,dc=Manticore,dc=org"
[byte[]]$hours3 = @(0,0,0,0,255,3,0,255,3,0,255,3,0,255,3,0,255,3,0,0,0)
$user.logonhours[0] = $hours3
$user.setinfo()
##query
Get-ADUser -Filter 'SamAccountName -like "*adm"' -server red2.com:3268 -SearchBase "OU=Useraccounts,OU=SGH,DC=cn,DC=red2,DC=com" -Properties SamAccountName,LastLogonDate,CannotChangePassword,PasswordNeverExpires,logonhours | select SamAccountName,LastLogonDate,CannotChangePassword,PasswordNeverExpires,logonhours