It's possible to set up login hours on the individual user level. Is the
same possible for on the group, OU or domain level?
Thank you for you time.
Sincerely,
Michal
To set logon hours for a user, use Active Directory Users and Computers.
Open the Users properties.
Select the Account tab.
Press the Logon Hours button.
Or
use the NET USER UserName /times:{times | all} /domain
Specifies the times the user is allowed to use the computer. The times value is expressed as day[-day][,day[-day]] ,time[-time][,time[-time]], limited to 1-hour time increments. Days can be spelled out or abbreviated (M,T,W,Th,F,Sa,Su).
Hours can be 12- or 24-hour notation. For 12-hour notation, use AM, PM, or A.M., P.M. The value all means a user can always log on. A null value (blank) means a user can never log on. Separate day and time with commas, and units of day and
time with semicolons (for example, M,4AM-5PM;T,1PM-3PM). Do not use spaces when designating times.
For a group or OU or domain, script the retrievial of the approriate member and issue the net use command.
You can use ADFIND, tip 5898 in the 'Tips & Tricks' at
http://www.jsifaq.com to retrieve the members is a FOR command.
Example of an OU is: (all on 1 line)
for /f "Skip=2 Tokens=*" %a in ('adfind -b "OU=West,DC=JSIINC,DC=COM" -f "&(objectcategory=person)" -nodn -nolabel sAMAccountName ^|FIND /V "Objects returned"') do net user %a /times:M-F,08:00-17:00 /Domain
(In a batch use %%a instead of %a
