A PowerShell script has been developed to assign the logonHours property of users from the information in an input file. The input file is a comma delimited file, specifying the Distinguished Names of the users, and 7 binary strings for each user designating the hours in the week when the user is allowed to logon to the domain. Each binary string has 24 bits for the 24 hours in a day.

The LogonHours attribute has Active Directory syntax OctetString, which is a "Byte Array". This program converts the 7 binary strings into an array of 21 bytes, which is 168 bits, one for each hour of the week. A bit with value zero means the user is not allowed to logon for that hour. A bit with value one means the user is allowed to logon. The array is offset by the time zone bias (in hours) stored in the local machine registry. This bias is the offset from UTC (Coordinated Universal Time) for the time zone set in the computer. The LogonHours property is stored in Active Directory in UTC, but your input file should specify when the user is allowed to logon in the time zone of the local computer.

The input comma delimited file has 8 fields. A header line defines the fields. The first field is the Distinguished Name of the user. Since Distinguished Names have embedded commas, the value must be enclosed in double quote characters. The following 7 fields on each line are strings representing the 7 days in a week. Each string is a series of 24 0's and 1's, one for each hour in a day. The digits can be separated by spaces, dashes, plus signs, or slashes (but not commas) to make them easier to read. An example of the input file with just two lines, the header line and a line for one user follows. Note that the second line word wraps below due to the length, but it is one line:

DN,Sun,Mon,Tue,Wed,Thu,Fri,Sat
"cn=Jim Smith,ou=West,dc=MyDomain,dc=com",000 000 000 000 000 000 000 000,000 000 011 111 111 111 000 000,000 000 011 111 111 111 000 000,000 000 011 111 111 111 000 000,000 000 000 000 000 001 111 100,000 000 011 111 111 111 000 000,000 000 001 111 111 000 000 000

This example means the user cannot logon on Sundays (the first string after the Distinguished Name is 24 0's). On Mondays, Tuesdays, Wednesdays, and Fridays the user can logon from 7am until 6pm local time (a total of 11 hours). On Thursdays the user can logon from 5pm until 10pm (5 hours) and on Saturday from 8am until 3pm (7 hours). You can create such a file from a spreadsheet, exporting in comma delimited format.
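
The packing and UTC shift described above, as an added example that is not the downloadable program. The function name, the BiasHours parameter and its sign convention (hours added to local time to reach UTC) are assumptions made for illustration; reading the bias from the registry and writing the attribute are left out. A row that is not exactly 24 binary digits per day is rejected rather than packed.

```powershell
# Added example, not the downloadable program. $BiasHours is an assumed
# parameter: hours to add to local time to get UTC (e.g. 8 for UTC-8).
function ConvertTo-LogonHoursBytes {
    param(
        [string[]]$Days,       # 7 strings, Sunday first, 24 digits each
        [int]$BiasHours = 0
    )
    if ($Days.Length -ne 7) { throw "Expected 7 day strings, got $($Days.Length)." }

    $bytes = New-Object byte[] 21      # 168 bits, every hour denied to start
    for ($d = 0; $d -lt 7; $d++) {
        # Strip the separators the input format allows: space, dash, plus, slash
        $bits = $Days[$d] -replace '[ \-+/]', ''
        if ($bits -notmatch '^[01]{24}$') {
            throw "Day $d is not 24 binary digits: '$($Days[$d])'"
        }
        for ($h = 0; $h -lt 24; $h++) {
            if ($bits[$h] -eq '1') {
                # Local hour-of-week -> UTC hour-of-week, wrapping around the week
                $utc = ((24 * $d + $h + $BiasHours) % 168 + 168) % 168
                $byteIndex = [int][Math]::Floor($utc / 8)
                # Within each byte the lowest bit is the earliest hour
                $mask = [int][Math]::Pow(2, $utc % 8)
                $bytes[$byteIndex] = $bytes[$byteIndex] -bor $mask
            }
        }
    }
    return ,$bytes
}

# Constructed sample: the Jim Smith row above, with an assumed bias of 8 hours
$workday = '000 000 011 111 111 111 000 000'
$days = @(
    '000 000 000 000 000 000 000 000',    # Sun
    $workday, $workday, $workday,         # Mon, Tue, Wed
    '000 000 000 000 000 001 111 100',    # Thu
    $workday,                             # Fri
    '000 000 001 111 111 000 000 000'     # Sat
)
$logonHours = ConvertTo-LogonHoursBytes -Days $days -BiasHours 8
[BitConverter]::ToString($logonHours)     # 21 bytes as hex, Sunday 00:00 UTC first
```

With this bias the Thursday evening hours land on Friday in UTC, which is why the shift is applied to the hour of the week rather than day by day.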

This program only requires PowerShell V1.

PSSetLogonHours.txt (view or download the program)