Permitted logon hours on group with Active Directory

StackOverflow https://stackoverflow.com/questions/7745499

Question

I search for a long time how I can define permitted logon hours on group like it is possible to do with user from the account tab in Active Directory.

I already have a class in c# that can make queries to returns a list of all permitted hours of a user with the help 'logonhours' properties.

  public byte[] GetLogonHours(string userName, string password, string path)
  {
     DirectoryEntry entry = this.GetUserAccount(userName, path);

     return (byte[])entry.Properties["logonHours"].Value;
  }

  public DirectoryEntry GetUserAccount(string username, string path)
  {
     using (DirectoryEntry objRootEntry = new DirectoryEntry(path))
     {
        using (DirectorySearcher objAdSearcher = new DirectorySearcher(objRootEntry))
        {
           objAdSearcher.Filter = "(&(objectClass=user)(samAccountName=" + username + "))";

           SearchResult objResult = objAdSearcher.FindOne();

           if (objResult != null)
           {
              return objResult.GetDirectoryEntry();
           }
        }
     }

     return null;
  }

I used this post to help me understanding how I can query the logon hours:

http://anlai.wordpress.com/2010/09/07/active-directory-permitted-logon-times-with-c-net-3-5-using-system-directoryservices-accountmanagement/

It is important to understand that I don't want a feature to know when the last time a user has been logged. What I have is a feature that prevent a user logging at some moments.

What I want is a feature that can apply logon hours for a group of users and I can query the Active Directory with c# to get these logon hours information.

Thank you very much.

Was it helpful?

Solution

In my understanding logon hours information is a user information. As discribed in HOW TO: Limit User Logon Time in a Domain in Windows Server 2003 pointed by @Knite you can change it :

  1. User by user, whatever if you loop on a list of user
  2. Applying a GPO to an organizationalUnit users belongs to

In your case you can loop for all the members of a group and change their logon hours.

OTHER TIPS

According to http://support.microsoft.com/kb/816666 , you should generate the list of users in a group and write their logon hours to a CSV file.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top