|
Replies:
20
-
Pages:
2
[
1
2
| Next
]
-
Last Post:
Aug 26, 2010 2:58 PM
by: Theo22
|
|
|
Posts:
81
Registered:
4/3/08
|
|
|
|
Setting user logon hours
Posted:
Dec 1, 2008 3:46 AM
|
|
|
I'm using the example in the post here http://jonoble.spaces.live.com/blog/cns!CC73D8744F0894A5!643.entry to copy the logonhours from a template account (nologonhours) which is denied logon at all times to a standard user account (blopez), i.e.
# Get template user logon hours
$userLogonHoursEnabled = Get-QADUser nologonhours -IncludedProperties logonhours | Select LogonHours
$logonHours = $userLogonHoursEnabled.logonHours
# Set logon hours on user
Get-QADUser blopez | Set-QADUser -ObjectAttributes @{logonHours = $logonHours}
but it fails with:
Set-QADUser : The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)
$userLogonHoursEnabled.logonhours returns:
000000000000000000000000000000000000000000
so that bit appears to be working OK, but setting that property onto a different account will not.
|
|
|
Posts:
415
Registered:
9/4/07
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 1, 2008 4:07 AM
in response to: jmedd
|
|
|
Try this variant:
# Get template user logon hours
$userLogonHoursEnabled = Get-QADUser nologonhours -IncludedProperties logonhours
$logonHours = $userLogonHoursEnabled["logonHours"]
# Set logon hours on user
Get-QADUser blopez | Set-QADUser -ObjectAttributes @{logonHours = $logonHours}
LogonHours attribute has OctetString syntax. Therefore it's stored in AD as array of bytes. Get-QAD* cmdlets convert attribute values to user-friendly form by default. To get raw attribute value you have to use either method above either -DontConvertValuesToUserFriendlyReperesentation switch.
|
|
|
Posts:
81
Registered:
4/3/08
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 1, 2008 4:22 AM
in response to: Andrey Moiseev ...
|
|
|
Thanks for the reply. I tried running your variant, but got:
Set-QADUser : Unspecified error
At C:\Scripts\EmployeeNumber\DisableUser3.ps1:5 char:33
+ Get-QADUser blopez | Set-QADUser <<<< -ObjectAttributes @{logonHours = $logonHours}
|
|
|
Posts:
1,919
Registered:
1/31/08
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 1, 2008 4:40 AM
in response to: jmedd
|
|
|
Try with the array comma operator:
$template = Get-QADUser nologonhours -IncludedProperties logonhours
$logonHours=$template.DirectoryEntry.logonHours
Set-QADUser blopez -oa @{logonHours = ,$logonHours}
Message was edited by: Shay Levy
|
Shay Levy [MVP]
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar
|
|
Posts:
415
Registered:
9/4/07
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 1, 2008 4:47 AM
in response to: Andrey Moiseev ...
|
|
|
Then, you need to use ADSI:
# Get template user logon hours
$userLogonHoursEnabled = Get-QADUser nologonhours -IncludedProperties logonhours
$logonHours = $userLogonHoursEnabled["logonHours"]
# Set logon hours on user
$user = Get-QADUser blopez
$dirEntry = $user.DirectoryEntry.PSBase
$dirEntry.Properties["logonHours"].Value = $logonHours
$dirEntry.CommitChanges()
# Verify
Get-QADUser blopez -ip logonHours | ft logonHours
|
|
|
Posts:
81
Registered:
4/3/08
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 1, 2008 5:02 AM
in response to: Andrey Moiseev ...
|
|
|
Thanks Shay and Andrey.
Shay's post generated a similar error so I tried Andrey's using ADSI example and that works.
Thanks so much for the help from both you guys. 
|
|
|
Posts:
1,919
Registered:
1/31/08
|
|
|
Posts:
81
Registered:
4/3/08
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 1, 2008 5:55 AM
in response to: Shay Levy
|
|
|
OK, I have QAD 1.1.2.761 and PS V1 so maybe that explains it.
Thanks
|
|
|
Posts:
31
Registered:
3/10/07
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 1, 2008 5:56 AM
in response to: Shay Levy
|
|
|
This modification of Shay's code has worked for me:
$template = Get-QADUser nologonhours -IncludedProperties logonhours
[array]$logonHours=$template.DirectoryEntry.logonHours
Set-QADUser blopez -oa @{logonHours = $logonHours}
-aleksandar
http://powershellers.blogspot.com
|
|
|
Posts:
81
Registered:
4/3/08
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 1, 2008 6:13 AM
in response to: aleksandar
|
|
|
Nice! Worked with my V1 version.
Thank you
|
|
|
Posts:
9
Registered:
12/2/08
|
|
|
|
Re: Setting user logon hours
Posted:
Dec 2, 2008 1:46 AM
in response to: jmedd
|
|
|
Hey guys. I'd written that post based on a previous version of the AD cmdlets. It was working fine in production for a while, and I didn't notice it had stopped working until somebody recently pointed out a related error on literally thousands of user accounts! I hadn't got round to looking at fixing it yet, so thanks for this!
I'll update the original blog post, referring people here.
|
|
|
Posts:
24
Registered:
4/30/08
|
|
|
|
Re: Setting user logon hours
Posted:
Aug 19, 2010 10:46 PM
in response to: jmedd
|
|
|
Can I get a little help on this please? I'm trying to use this script to disable a list of users logonHours. I want to get the list from a text file. If I run the commands below one by one on my PS cmd line, it works fine but when I try to iterate over the names from the text file I get this error:
Cannot index into a null array.
At D:\scripts\DisableUserLogonHours.ps1:22 char:22
+ $dirEntry.Properties[ <<<< "logonHours"].Value = $logonHours
+ CategoryInfo : InvalidOperation: (logonHours:String) [], RuntimeException
+ FullyQualifiedErrorId : NullArray
You cannot call a method on a null-valued expression.
At D:\scripts\DisableUserLogonHours.ps1:23 char:24
+ $dirEntry.CommitChanges <<<< ()
+ CategoryInfo : InvalidOperation: (CommitChanges:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Here is the script:
$userLogonHoursDisabled = Get-QADUser test-Betty10 -IncludedProperties logonhours
$logonHours = $userLogonHoursDisabled["logonHours"]
#Specify the path to the input file that contains the list of users
$UserList = Get-Content D:\scripts\DisableLogonHours.txt
#Iterate through the list of Users in the file and disable all logon hours
foreach ($user in $UserList) {
$disableUserHours = Get-QADUser $user
$dirEntry = $user.DirectoryEntry.PSBase
$dirEntry.Properties["logonHours"].Value = $logonHours
$dirEntry.CommitChanges()
}
The script keeps failing on this line:
$dirEntry.Properties["logonHours"].Value = $logonHours
If I don't read the name in from a text file and manually put it in, no problem. I'm a novice at this and don't understand the error message. Can somebody help? Shay? By the way, I could not get Shay's script to work in my shell which is why I am using this one.
Thank you,
-Theo
|
|
|
Posts:
1,919
Registered:
1/31/08
|
|
|
Posts:
24
Registered:
4/30/08
|
|
|
|
Re: Setting user logon hours
Posted:
Aug 20, 2010 7:20 AM
in response to: Shay Levy
|
|
|
Tried it and it didn't work. Here is my error:
Set-QADUser : The server is unwilling to process the request.
At line:1 char:39
+ get-qaduser test-betty10 | set-qaduser <<<< -objectattributes @{logonHours='FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FF'} #all hours allowed
+ CategoryInfo : NotSpecified: (:) [Set-QADUser], DirectoryServicesCOMException
+ FullyQualifiedErrorId : System.DirectoryServices.DirectoryServicesCOMException,Quest.ActiveRoles.ArsPowerShellSn
apIn.Powershell.Cmdlets.SetUserCmdlet
Why does my script fail reading the username from a text file and work correctly when I enter each line in the script one by one in my shell? I've got a list of about 50 users that I need to do this for.
What does the error mean?
Set-QADUser : The server is unwilling to process the request.
At line:1 char:39
+ get-qaduser test-betty10 | set-qaduser <<<< -objectattributes @...
What did my script error mean?
+ $dirEntry.Properties[ <<<< "logonHours"].Value = $logonHours
+ CategoryInfo : InvalidOperation: (logonHours:String) [], RuntimeException
+ FullyQualifiedErrorId : NullArray
You cannot call a method on a null-valued expression.
At D:\scripts\DisableUserLogonHours.ps1:23 char:24
+ $dirEntry.CommitChanges <<<< ()
+ CategoryInfo : InvalidOperation: (CommitChanges:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
What is the help command to show me what me this means?
-objectattributes @{
Or this?
Get-QADUser -ip | ft
Thank you
|
|
|
Posts:
1,919
Registered:
1/31/08
|
|
|
|
Re: Setting user logon hours
Posted:
Aug 20, 2010 7:24 AM
in response to: Theo22
|
|
|
I can't test it at home, maybe with this:
get-qaduser user1 | set-qaduser -objectattributes @{logonHours='\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF'}
Gget help on the ObjectAttributes parameter:
help New-QADObject -Parameter ObjectAttributes
|
Shay Levy [MVP]
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar
|
|
|
Legend
|
|
MVP: 2501
+
pts
|
|
Guru: 2001
- 2500
pts
|
|
Expert: 751
- 2000
pts
|
|
Enthusiast: 31
- 750
pts
|
|
Novice: 0
- 30
pts
|
|
Moderators
|
|
Helpful answer
(5 pts)
|
|
Answered
(10 pts)
|
|
