Other Posts in this Series:
- LDAP Does Not Return All Active Directory Group Members
- The Difference Between PowerShell ADSI and ADSISearcher
- Use ADSI to Check if a User is a Member of an AD Group
- Use ADSI to Check if a Computer is a Member of an AD Group
- Use PowerShell ADSI to Migrate AD Group Members
This post provides an example of how we can use ADSI to find logon workstations in Active Directory.
I recently needed to search through all users in Active Directory and find logon workstations for those accounts that had them. Logon workstations for a user account essentially restricts what workstations a specific user account can log on to.
A lot of this code example is based on using the ADSI Searcher to find user accounts in Active Directory.
$Root = [ADSI]"LDAP://OU=users,DC=alkanesolutions,DC=co,DC=uk"
$Searcher = new-object System.DirectoryServices.DirectorySearcher($Root)
$Searcher.filter = "(&(objectCategory=person)(objectClass=user))"
$Searcher.PageSize = 200
$Searcher.FindAll() | % {
$user = [adsi]$_.Properties.adspath[0]
$ErrorActionPreference = "silentlycontinue"
If (($user.get("userWorkstations")) -ne $null)
{
$workstations = $user.get("userWorkstations")
$workstationsArray = $workstations.split(",")
foreach($ws in $workstationsArray) {
write-host $samaccount $ws
}
}
}
![Use ADSI to Find Logon Workstations in Active Directory](https://www.alkanesolutions.co.uk/wp-content/uploads/2023/12/use-adsi-to-find-logon-workstations-in-active-directory-300x169.png)
![Use ADSI to Find Logon Workstations in Active Directory](https://www.alkanesolutions.co.uk/wp-content/themes/twentyeleven-child/images/application-packaging-services-blog.png)