I needed to remove the logon script option in AD for all users of an entire domain. I used the following commands:
Get-ADUser –filter *
This command will list all AD Users
Get-ADUser –filter * | Measure-Object
This command will list the number of users
Get-ADUser –identify ADAdmin –properties *
This command will get all properties of a specific user … in this example, the user is ADAdmin
Get-ADUser –filter * –properties * | Format-Table Name, ScriptPath
This will list the name, and logon script
Get-ADUser –filter * | Set-ADUser –server dc03 –clear scriptpath
This will erase the logon script for all users, running against the server called DC03
Properties you can use with Set-ADUser are:
AccountExpirationDate
accountExpires
AccountLockoutTime
AccountNotDelegated
adminCount
AllowReversiblePasswordEncryption
BadLogonCount
badPasswordTime
badPwdCount
CannotChangePassword
CanonicalNameCertificatesCity
CN
codePage
Company
Country
countryCode
Created
createTimeStamp
Deleted
Department
Description
DisplayName
displayNamePrintable
DistinguishedNameDivision
DoesNotRequirePreAuth
dSCorePropagationData
EmailAddress
EmployeeID
EmployeeNumber
Enabled
extensionName
Fax
GivenName
HomeDirectory
HomedirRequired
HomeDrive
homeMDB
homeMTA
HomePage
HomePhone
Initials
instanceType
ipPhone
isDeleted
LastBadPasswordAttempt
LastKnownParent
lastLogon
LastLogonDate
lastLogonTimestamp
legacyExchangeDN
LockedOut
logonCount
LogonWorkstations
mailNickname
Manager
mDBUseDefaults
MemberOfMNSLogonAccount
MobilePhone
Modified
modifyTimeStamp
msDS-User-Account-Control-Computed
msExchALObjectVersion
msExchHomeServerName
msExchMailboxGuid
msExchMailboxSecurityDescriptormsExchMobileMailboxFlags
msExchPoliciesExcluded
msExchRBACPolicyLinkmsExchRecipientDisplayType
msExchRecipientTypeDetails
msExchSafeSendersHash
msExchTextMessagingState
msExchUserAccountControl
msExchUserCulture
msExchVersion
msExchWhenMailboxCreated
msSBSComputerUserAccessOverride
msSBSCreationState
msSBSRoleGuid
msTSExpireDate
msTSLicenseVersion
msTSManagingLS
Name
nTSecurityDescriptorObjectCategoryObjectClass
ObjectGUID
objectSidOffice
OfficePhone
Organization
OtherName
PasswordExpired
PasswordLastSet
PasswordNeverExpires
PasswordNotRequired
POBox
PostalCode
PrimaryGroupprimaryGroupID
ProfilePath
ProtectedFromAccidentalDeletion
protocolSettings
proxyAddressespublicDelegatesBLpwdLastSet
SamAccountName
sAMAccountType
ScriptPath
sDRightsEffective
ServicePrincipalNames
showInAddressBookSIDSIDHistory
SmartcardLogonRequired
sn
State
StreetAddress
Surname
textEncodedORAddressTitle
TrustedForDelegation
TrustedToAuthForDelegation
UseDESKeyOnly
userAccountControl
userCertificate
No comments:
Post a Comment