Other Posts in this Series:
- LDAP Does Not Return All Active Directory Group Members
- The Difference Between PowerShell ADSI and ADSISearcher
- Use ADSI to Check if a User is a Member of an AD Group
- Use ADSI to Check if a Computer is a Member of an AD Group
- Use PowerShell ADSI to Migrate AD Group Members
This post provides an example of how we can use ADSI to find logon workstations in Active Directory.
I recently needed to search through all users in Active Directory and find logon workstations for those accounts that had them. Logon workstations for a user account essentially restricts what workstations a specific user account can log on to.
A lot of this code example is based on using the ADSI Searcher to find user accounts in Active Directory.
$Root = [ADSI]"LDAP://OU=users,DC=alkanesolutions,DC=co,DC=uk"
$Searcher = new-object System.DirectoryServices.DirectorySearcher($Root)
$Searcher.filter = "(&(objectCategory=person)(objectClass=user))"
$Searcher.PageSize = 200
$Searcher.FindAll() | % {
$user = [adsi]$_.Properties.adspath[0]
$ErrorActionPreference = "silentlycontinue"
If (($user.get("userWorkstations")) -ne $null)
{
$workstations = $user.get("userWorkstations")
$workstationsArray = $workstations.split(",")
foreach($ws in $workstationsArray) {
write-host $samaccount $ws
}
}
}
