This custom requirement landed on our plate, and we built the solution as generic PowerShell magic so that it is useful for community members.
Here are the requirements:
- Target all users in a specific organizational unit (OU) in Active Directory.
- Provide the machine list from a text file.
- Restrict logon for these user accounts to only the computers in the machine list.
- Remove specific computers from the restriction list.
- Option to completely remove the restriction from the user account.
Prerequisites for this solution:
Download the script from the PowerShell Gallery or the GitHub link below:
https://www.powershellgallery.com/packages/RestrictUserAccounts
Install-Script -Name RestrictUserAccounts
https://github.com/VikasSukhija/Downloads/blob/master/RestrictUserAccounts.ps1
Create a list of machines and place the text file in the same location as the script.
You can run the script with three different options:
- Addition of the computers in machines.txt to LogonWorkstations without removing the existing computers
.\RestrictUserAccounts.ps1 -OU 'OU=Lab,OU=PTU,OU=WVD,OU=InfrastructureServices,DC=lab,DC=labtest,DC=com' -Machinelist 'machines.txt' -operation RestrictionADD
- Removal of the computers in machines.txt from LogonWorkstations without removing the other existing computers
.\RestrictUserAccounts.ps1 -OU 'OU=Lab,OU=PTU,OU=WVD,OU=InfrastructureServices,DC=lab,DC=labtest,DC=com' -Machinelist 'machines.txt' -operation RestrictionRemove
- Removal of all computers from LogonWorkstations, setting the user account as unrestricted
.\RestrictUserAccounts.ps1 -OU 'OU=Lab,OU=PTU,OU=WVD,OU=InfrastructureServices,DC=lab,DC=labtest,DC=com' -Machinelist 'machines.txt' -operation RestrictionRemove
Result example:
On the first run, the script creates the logs folder where the log for each execution is stored.
Test it before running it against an organizational unit with a large number of users.
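One way to do that test is a read-only preview of what the machine list would change for each account in the OU. This is an added example, not part of RestrictUserAccounts.ps1; it assumes the ActiveDirectory module is installed and that RestrictionADD produces the union of the existing entries and machines.txt, as described above.

```powershell
# Added example: read-only report, writes nothing to Active Directory.
# Assumes the ActiveDirectory module (RSAT); $OU and $MachineList are the
# same values passed to RestrictUserAccounts.ps1 in the commands above.
Import-Module ActiveDirectory

$OU          = 'OU=Lab,OU=PTU,OU=WVD,OU=InfrastructureServices,DC=lab,DC=labtest,DC=com'
$MachineList = '.\machines.txt'

# Normalise the machine list: trim, drop blank lines, de-duplicate.
$machines = @(Get-Content -Path $MachineList |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique)

$report = Get-ADUser -SearchBase $OU -Filter * -Properties LogonWorkstations |
    ForEach-Object {
        $user = $_
        # LogonWorkstations is one comma-separated string; empty = unrestricted.
        $current = @()
        if ($user.LogonWorkstations) {
            $current = @($user.LogonWorkstations -split ',' |
                ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
        # Assumption from the post's description: RestrictionADD leaves the
        # union of the existing entries and the machine list on the account.
        $afterAdd = @($current + $machines | Sort-Object -Unique)
        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            Unrestricted   = ($current.Count -eq 0)
            Current        = $current -join ','
            WouldAdd       = @($machines | Where-Object { $_ -notin $current }) -join ','
            NotInList      = @($current | Where-Object { $_ -notin $machines }) -join ','
            LengthAfterAdd = ($afterAdd -join ',').Length
        }
    }

$report | Format-Table -AutoSize

# The userWorkstations attribute behind LogonWorkstations has a schema upper
# range of 1024 characters; list accounts whose value would exceed it.
$report | Where-Object { $_.LengthAfterAdd -gt 1024 } |
    Select-Object SamAccountName, LengthAfterAdd
```

Accounts reported with Unrestricted = True can currently log on anywhere; after RestrictionADD they would be limited to the machines in the list, so review them before the first run.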
Thanks for reading and downloading….
Tech Wizard