I recently needed to search through all users in Active Directory and find logon workstations for those accounts that had them. Logon workstations for a user account essentially restrict which workstations that specific user account can log on to.

A lot of this code example is based on using the ADSI Searcher to find user accounts in Active Directory.

$Root = [ADSI]"LDAP://OU=users,DC=alkanesolutions,DC=co,DC=uk"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher($Root)
# Match user accounts only
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
$Searcher.PageSize = 200

$Searcher.FindAll() | ForEach-Object {

    # Bind to the user object returned by the search
    $user = [adsi]$_.Properties.adspath[0]
    $samaccount = $user.Properties["sAMAccountName"].Value

    # Get() throws when userWorkstations is not set, so treat that as "no restriction"
    $workstations = $null
    try { $workstations = $user.Get("userWorkstations") } catch { }

    if ($null -ne $workstations)
    {
        # The attribute holds a comma-separated list of computer names
        foreach ($ws in $workstations.Split(",")) {
            Write-Host $samaccount $ws
        }
    }
}
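A variation on the search above, added here as an example and not part of the original post: it asks the directory to return only accounts that have userWorkstations set and reads both attributes straight from the search results, so there is no per-user bind and no error to suppress. It reuses the OU path from the code above; the SamAccountName and Workstation column names are assumptions chosen for this example.

```powershell
$Root = [ADSI]"LDAP://OU=users,DC=alkanesolutions,DC=co,DC=uk"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher($Root)

# (userWorkstations=*) is an LDAP presence filter: only accounts with the attribute set are returned
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(userWorkstations=*))"
$Searcher.PageSize = 200

# Only fetch the two attributes the report needs
[void]$Searcher.PropertiesToLoad.Add("sAMAccountName")
[void]$Searcher.PropertiesToLoad.Add("userWorkstations")

$results = $Searcher.FindAll()
try {
    $report = foreach ($result in $results) {
        # Property names in search results are stored in lower case
        $sam  = [string]$result.Properties["samaccountname"][0]
        $list = [string]$result.Properties["userworkstations"][0]

        # One output row per permitted workstation; skip empty entries left by stray commas
        foreach ($ws in $list.Split(",")) {
            $name = $ws.Trim()
            if ($name) {
                [pscustomobject]@{
                    SamAccountName = $sam
                    Workstation    = $name
                }
            }
        }
    }
}
finally {
    # SearchResultCollection holds unmanaged resources and should be disposed
    $results.Dispose()
}

$report | Sort-Object SamAccountName, Workstation | Format-Table -AutoSize
```

Because the output is objects, not Write-Host text, it can be piped to Export-Csv or grouped by Workstation to see which accounts are allowed onto a given machine.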

 

Find Logon Workstations in Active Directory