Active Directory - Force users to log off

Hello everyone ,

 I need to force my AD users to log off their PC (Windows 7) at a certain time . The reason is that, when they log back on,  they need to get a GPO update which contains modified logon/logoff scripts. These scripts will point to a new Windows 2012 Storage Server , holding the company's  personal and departmental share drives

So in a nutshell , we will force everyone to logoff at 5:00 PM, move the files/folders from the old storage to the new one, modify the scripts to point to the new share , force a GPO policy. When they are back to work the script will point them to the same share drive letter but on a different hardware

I want to force this logoff process by OU (too many users to do the entire AD at once) .  I am looking for a tool/script solution to trigger this logoff at, let's say, 5:15 PM, however the trigger should not be automated

If someone did run into this kind of request before, please let me know how you solved it
Last but not least,  my AD is a mixture of W2K3 and Windows 2008  Domain Controllers  (just upgrade DC root to 2008)

Thank you in advance for your help
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

R. Toby RichardsNetwork AdministratorCommented:
You can do this with Power Shell. I don't know if Windows XP has the shutdown command. Also, you have to run the script against an OU of computers not an OU of users.

foreach ($COMPUTER in $(Get-ADComputer -Filter * -Searchbase 'OU=SubOU,OU=TopLevelOU,DC=DOMAIN,DC=LOCAL')){
        write-host "Connecting to $($COMPUTER.Name)"
        Invoke-Command $COMPUTER.Name {shutdown /F /L}

shutdown /F (Force) /L (Log Off)
Paul MacDonaldDirector, Information SystemsCommented:
You can set up a Group Policy that forces users to log off after a certain time.
I'm not sure what you mean by "the trigger should not be automated".  The way I see it, either there's a trigger that when tripped kicks off the process automatically, or there's no trigger and the process has to be kicked off manually.

Here's something more in the vein of a manual process.  It's a short PowerShell script that communicates via DCOM (WMI).  Of course, anything like this relies on your DNS records being correct.  The "4" means to force logoff.  Specifying a "0" would do a logoff, but not forced.
Import-Module ActiveDirectory
Get-ADComputer -Filter * -Searchbase 'OU=SubOU,OU=TopLevelOU,DC=DOMAIN,DC=LOCAL' | Select -expand name | % { (Get-WmiObject Win32_operatingsystem -ComputerName $_).win32shutdown(4) | Out-Null }

Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BibecuAuthor Commented:
Both footech and paulmacd solutions work, thank you very much .  
I have chosen footech to be the best solution because by running the script I can trigger the log off process manually anytime I want

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.