windows account logon hours windows域账号不可登录

# deny logon at all times
$user = [ADSI]"LDAP://cn=Joe Bloggs,ou=Test,dc=Manticore,dc=org"
[byte[]]$hours = @(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
$user.logonhours[0] = $hours
$user.setinfo()

## allow logon at all times
$user = [ADSI]"LDAP://cn=Joe Bloggs,ou=Test,dc=Manticore,dc=org"
[byte[]]$hours2 = @(255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255)
$user.logonhours[0] = $hours2
$user.setinfo()

 

## allow logon 8am – 6pm Monday to Friday
$user = [ADSI]"LDAP://cn=Joe Bloggs,ou=Test,dc=Manticore,dc=org"
[byte[]]$hours3 = @(0,0,0,0,255,3,0,255,3,0,255,3,0,255,3,0,255,3,0,0,0)
$user.logonhours[0] = $hours3
$user.setinfo()

 

##query

Get-ADUser -Filter  'SamAccountName -like "*adm"' -server red2.com:3268 -SearchBase "OU=Useraccounts,OU=SGH,DC=cn,DC=red2,DC=com" -Properties SamAccountName,LastLogonDate,CannotChangePassword,PasswordNeverExpires,logonhours | select SamAccountName,LastLogonDate,CannotChangePassword,PasswordNeverExpires,logonhours

posted on 2020-02-13 16:01  InnoLeo  阅读(242)  评论(0编辑  收藏  举报