LogonWorkstions/UserWorkstation attribute is empty/null, but the radio button is set, how can I detect this situation?

bmcmcm 21 Reputation points
2021-10-20T17:12:25.553+00:00

How can I use Set-AdUser to change the state of this radio button without adding or removing computer accounts from the list? Another way to ask the same question is, how can I detect the state of this radio button using PowerShell, even if the list of computers is empty, but the button is set to "The following computers"?

142135-2021-10-20-9-20-54.jpg

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,858 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,364 questions
0 comments
Accepted answer
  1. Gary Reynolds 9,391 Reputation points
    2021-10-20T18:26:07.26+00:00

    Hi @bmcmcm

    The radio button reflects the state of the userWorkstatons attribute, if the value is not set, then the All computers radio button is set, the userWorkstaitons contains any value then the The following computers radio button is selected. ADUC does sometimes contradicting the previous statement. If you click on The following computers but don't enter anything and close the dialog, if you then click on Logon To against without closing the properties dialog, it will show the The following computers radio button still selected, However, if you close the user properties and open it again. Then the dialog will display the current state of the userWorkstation attribute and display All computers selected.

    How to find all users that have the userWorkstations defined or The Following computers selected, you can use the following LDAP filter (&(objectclass=user)(userworkstations=*)) This is the powershell command 

    Get-ADUser -ldapfilter '(userWorkstations=*)'

    To find the users that don't have the userWorkstations set or All Computers selected use the following command: 

    Get-ADUser -ldapfilter '(!userWorkstations=*)'

    To set the userworkstations attribute use the following powershell command: 

    Set-ADUser -Identity $username -LogonWorkstations $comp

    And to clear the userworkstations attribute user 

    Set-ADUser -Identity $username -LogonWorkstations $null

    Gary.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,356 Reputation points
    2021-10-22T08:13:08.16+00:00

    Hello BrianMcMahon,

    I usually use the next script to load workstations to users:

    Import-Module ActiveDirectory
    $complist = Import-Csv -Path "c:\workstationList.csv" | ForEach-Object {$_.NetBIOSName}
    foreach($comp in $complist){
    $comparray += $comp
    }
    Set-ADUser -Identity username -LogonWorkstations $comparray

    As always if you have any questions please don't hesitate to contact us.

    0 comments