Santhosh Sivarajan's Blog

June 14, 2011 at 1:51 PM

http://sivarajan.com/forum/viewthread.php?tid=13

Tim says:

July 20, 2011 at 10:25 PM

Is there a way to allow the user myuser1 to logon to both houlab01 and houlab02? I have attempted, but it seems that this script overwrites the attribute each time.

July 24, 2011 at 7:17 PM

Tim,

Thanks for the feedback. I have updated script to support multiple values. Please use the updated version.

-Santhosh

shamsheer Alam says:

April 6, 2012 at 1:55 PM

hi i am not able to run the script can u please explain in details.

Lopezej says:

April 20, 2012 at 4:45 PM

Really helpful! had to update over 300 user accounts with new information, thanks a lot for sharing.

Lopezej says:

April 20, 2012 at 4:49 PM

This comment has been removed by the author.

Lopezej says:

April 20, 2012 at 4:52 PM

Hi Shamsheer, you need to provide a csv file named input.csv located in c:\scripts (it's important that the file contains the Username,Computername header). You only have to specify the user account and the workstation to be added, the script allows you to preserve the existing configuration. Hope it helps!

pd. Be sure to edit line 16 with your domain information.

April 23, 2012 at 2:52 PM

Thanks SpiderMind. Thanks for the feedback!

April 23, 2012 at 2:53 PM

Shamsheer,
What details are you looking for? Are you getting any error message? If so, please post the error message here.

Carlos Crudo Experto en Azure says:

November 15, 2012 at 1:50 PM

ccrudo2009@gmail.com
list all the users who have logon to the computer name and allowed

Tch81 says:

December 3, 2012 at 4:44 AM

This script works nice, but im trying to clear old log on to values and then add new set of values from .csv file, but i cant get it to work.

iv tried using the original script by modifying line 21 something like this:
....
If (($user.get("userWorkstations")) -ne $null)
{$user.psbase.invokeSet("userWorkstations",$null)}
....
like if the value is not null then it would owerwrite it with null value?? or just '' instead of null, but it wont clear the value.

John says:

January 7, 2013 at 6:45 AM

This is a fantastic script, thank you! I do have one question though, is it possible to point the script at an OU rather than using a csv to get the user names and computer names?
For example, the users reside in an OU called Exams, and the computers are in the OU's ComputerRoom1, ComputerRoom2 etc.
Can this script be modified to do this or is it just not possible in powershell?

axe says:

August 22, 2013 at 3:23 AM

Thanks Santhosh Sivarajan. How can be like you :DDD

Karimulla Sheik says:

August 27, 2013 at 3:36 AM

Hi Sivarajan,

Thanks for the script.it worked but what if we need to add multiple computers for a user. For example

User1 should be allowed to PC1,pc2, pc3
user2 should be allowed to pc4,pc5,pc6.

Can this script be modified to do this or is it just not possible in powershell?

Karimulla Sheik says:

August 27, 2013 at 4:39 AM

November 12, 2013 at 3:52 AM

Hi Santhosh Sivarajan,
Thanks for nice article.

My Question is that,
we d like to run this script for all AD users except the users whose Logon To Worstation selected "Full Computer".
How can we do this?
Thanks in advance.

January 21, 2014 at 3:53 PM

Is there a way just to specify a user ID and list all of the computers it is allowed to logonto?

January 22, 2014 at 9:11 AM

Marcus,

You just need the current values from userWorkstations?

January 22, 2014 at 9:12 AM

Kadir,
What do you mean by "Full Computer"?

January 23, 2014 at 12:37 PM

Thanks. That got it.

February 26, 2014 at 10:56 PM

How can we take out 3 computers that are in these fields and set it back to All Computers?

August 1, 2014 at 7:20 PM

Script has run successfully user profiles updated however the AD objects did not update. Script ran as admin user

August 1, 2014 at 7:22 PM

$UserN = $_.UserName
$ComputerN = $_.ComputerName
$ObjFilter = "(&(objectCategory=person)(objectCategory=User)(samaccountname=$UserN))"
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://DC=net,DC=JohnLewis,DC=co,DC=uk"
$AllObj = $objSearch.findOne()
$user = [ADSI] $AllObj.path
$ErrorActionPreference = "silentlycontinue"
If (($user.get("userWorkstations")) -ne $null)
{$ComputerN = $user.get("userWorkstations")+","+ $ComputerN}
Write-host -NoNewLine "Updating $UserN Properties ..."
$user.psbase.invokeSet("userWorkstations",$ComputerN)
Write-host "Done!"
$user.setinfo()
}

adysan says:

September 6, 2016 at 1:54 PM

About what Karimulla Sheik asked (to add multiple computers for a user), this looks to work but only if there is already at least one computer added:

Import-Module ActiveDirectory
Import-CSV C:\temp3\pclist2aa.csv | % {
$UserN = $_.SamAccountName
$ComputerN1 = $_.LogonWorkstations1
$ComputerN2 = $_.LogonWorkstations2
$ComputerN3 = $_.LogonWorkstations3
$ObjFilter = "(&(objectCategory=person)(objectCategory=User)(samaccountname=$UserN))"
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://dc=test,dc=company,dc=com"
$AllObj = $objSearch.findOne()
$user = [ADSI] $AllObj.path
$ErrorActionPreference = "silentlycontinue"
If (($user.get("userWorkstations")) -ne $null)
{$ComputerN = $user.get("userWorkstations")+","+ $ComputerN1 +","+ $ComputerN2 +","+ $ComputerN3}
Write-host -NoNewLine "Updating $UserN Properties ..."
$user.psbase.invokeSet("userWorkstations",$ComputerN)
Write-host "Done!"
$user.setinfo()
}

My csv looks like this:
SamAccountName,LogonWorkstations1,LogonWorkstations2,LogonWorkstations3
user1,computer1,computer2,computer3
user2,computer4,computer5,computer6

Do you have any ideas about what needs to be changed to get it to update when "log on to" doesn't have anything added?

Thanks,
Adrian

Still_Learning says:

March 31, 2017 at 4:45 PM

Santhosh,
This works good for adding, but I need to remove LogonWorkstations. On several Users I am at the 64 limit but I can't give them all. As I retired computers there isn't a good way to remove them from the list expect for manually. Any ideas?

August 24, 2017 at 11:26 AM

Thanks a lot!

October 19, 2017 at 12:48 PM

Does not work. It adds ONLY the 'second' value, if you already have an entry, Script DOES not work for more than one computerName.
So, I put "testusr,NewComp" in the csv, with the headers,etc. I even put in "write-host $ComputerN" and it shows "testusr,NewComp", BUT when it is done, ONLY the second value get written to the AD user! Yes, I am using the most recent version. Yes, it displays both values before the "$user.setinfo()" occurs. I will try with "double quotes" around "$ComputerN," since it has a "," - maybe it is an issue with double-quotes.

October 19, 2017 at 12:49 PM

Correction, it does NOT add the "new" second computer name in the LogonTo.

October 19, 2017 at 1:08 PM

I stand corrected !! it WORKS! Thanks.
Must be an AD propagation delay. After I waited a bit, it updated perfectly! Thanks for this.

October 19, 2017 at 1:17 PM

BUT, it DID work after I put double-quotes around
{$ComputerN = $user.get("userWorkstations")+","+ $ComputerN} <<--- "$ComputerN"

so make that above change,
and then you can string together multiples in the CSV, like TstUsr,"pc1,pc2,pc3" <<-- put the double-quotes around that whole string in the CSV file.