Link to home
Start Free TrialLog in
Avatar of dbguy2626
dbguy2626

asked on

Remove Logon Workstations IN AD

Hello everyone, we have about 500 users with Logon Workstations Restrictions set in their user profile (I have a screen snap shot of exactly what I am talking about)  We are trying to script the removal of this field but have had NO luck.  Please help.  Here is the code we are trying to use.  Please help!!
Set objUser = GetObject _
 
  ("LDAP://cn=genuser1,ou=generic,ou=people,dc=enterprise,dc=domain,dc=org") (This path is subject to change depending on the user, this was a test user)
 
 
 
objUser.Put "userPrincipalName", "genuser1@enterprise.domain.org"
 
objUser.Put "sAMAccountName", "genuser1"
 
objUser.Put "userWorkstations","" (to set it for all left blank, also tried putting all in there, either comment may work)
 
objUser.SetInfo

Open in new window

AD.jpg
Avatar of Sinder255248
Sinder255248
Flag of United Kingdom of Great Britain and Northern Ireland image
Try using a tool called Hyena:

http://www.systemtools.com/hyena/

you get a 30day fully functional copy (it's a very good tool and well worth the money).  This should allow you to select all your users, right click and set the properties for those users so that it clears the logon workstation.
Avatar of Sudhirchauhan3
Sudhirchauhan3
Flag of India image
You are trying to modify multi valued attribute so need to use putex instead of put.

Const ADS_PROPERTY_CLEAR=1
Set objUser = GetObject _
 
  ("LDAP://cn=genuser1,ou=generic,ou=people,dc=enterprise,dc=domain,dc=org") (This path is subject to change depending on the user, this was a test user)
 
 
 
objUser.Put "userPrincipalName", "genuser1@enterprise.domain.org"
 
objUser.Put "sAMAccountName", "genuser1"
 
objUser.PutEx ADS_PROPERTY_CLEAR, "userWorkstations","" 
 
objUser.SetInfo

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of LauraEHunterMVP
LauraEHunterMVP
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dbguy2626
dbguy2626

ASKER

thank you for your help..  you got me on the right track
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image
Happened upon this posting when trying to resolve this issue on a failed Essential Business Server migration.  For anyone who may need it, the following VBSScript will change all users in AD back to "All Computers" setting.

Put it on the desktop of your DC and double-click to run.  

I don't suggest that you use it in enviornments with more than 50 users or so because it will create a pop-up for every user changed.

Jeff
TechSoEasy
Set rootDSE = GetObject("LDAP://RootDSE")
    DomainContainer = rootDSE.Get("defaultNamingContext")
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADSDSOObject"
    conn.Open "ADs Provider"
    ldapStr = "<LDAP://" & DomainContainer & ">;(&(objectCategory=person)(objectClass=user));adspath;subtree"
    Set rs = conn.Execute(ldapStr)
    While Not rs.EOF
 Set oUser = GetObject (rs.Fields(0).Value)
 if (len(oUser.userWorkstations) >= 1) then
  wscript.echo oUser.displayName & " ::: " & oUser.userWorkstations
  
  oUser.userWorkstations = vbnull
  oUser.PutEx 1, "userWorkstations", 0
  oUser.setinfo
  
 end if
      rs.MoveNext
  
    Wend
  wscript.echo "Finished"

Open in new window