VBScript program to document logon hours for all users in the domain. The logonHours attribute
defines the hours during the week when the user is allowed to log on to the domain. The hours are
specified on the Account tab of ADUC by clicking the "Logon Hours..." button.
The program uses ADO to retrieve the logonHours attribute for all users. The values retrieved are
byte strings. The program converts each byte string into an array of 21 bytes, then into an array
of 168 bits, one bit for each hour of the week. The array is offset by the local time zone bias
stored in the local machine registry. This converts the information from UTC into local time.
The time zone bias read from the local registry is adjusted by the operating
system for daylight saving time, so the settings remain the same all year
in local time. However, the allowed logon hours will be different in
different time zones.
For each user the program outputs the user's Distinguished Name. If the logonHours attribute is Null,
the user is allowed to log on during all hours. In this case the program outputs the string
"All Hours". Otherwise, the program outputs a 3 line header, then one line for each of
the 7 days in a week. Each line indicates the day of the week, followed by either a 0 or a 1 for
each of the 24 hours of the day. A "0" means that the user is not allowed to log on during that hour.
A "1" means the user is allowed to log on during that hour.
The output for a typical user might be as follows:
    cn=Jim Smith,ou=Sales,ou=West,dc=MyDomain,dc=com
      Day
      Of   ------- Hour of the Day -------
      Week M-3 3-6 6-9 9-N N-3 3-6 6-9 9-M
      Sun  000 000 000 000 000 000 000 000
      Mon  000 000 011 111 111 111 000 000
      Tue  000 000 011 111 111 111 000 000
      Wed  000 000 011 111 111 111 000 000
      Thu  000 000 011 111 111 111 110 000
      Fri  000 000 011 111 111 111 000 000
      Sat  000 000 011 111 100 000 000 000
This means the user cannot log on at all on Sundays. On Monday through Friday the user can log on
from 7:00 AM until 6:00 PM, except on Thursday when they can log on until 8:00 PM. On Saturday the
user can log on from 7:00 AM until 1:00 PM.
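The conversion described above, as an added PowerShell example (not the linked program): it expands a 21-byte logonHours value into 168 bits and shifts them from UTC to local time. It assumes a whole-hour bias passed as a parameter rather than read from the registry; the function name, parameter names and sample bytes are constructed for illustration.

```powershell
# Added example: decode a raw logonHours value (21 bytes, stored in UTC)
# into one line per local day, three hours per group.
function ConvertTo-LogonHoursGrid {
    param(
        [byte[]] $LogonHours,    # raw attribute value, or $null when not configured
        [int]    $BiasHours = 0  # hours added to local time to reach UTC (assumed whole hours)
    )
    if ($null -eq $LogonHours) { return 'All Hours' }
    if ($LogonHours.Length -ne 21) {
        throw "Expected 21 bytes, got $($LogonHours.Length)"
    }

    # Expand to 168 bits. Bit 0 (least significant) of byte 0 is Sunday 00:00-01:00 UTC.
    $utc = New-Object 'bool[]' 168
    for ($i = 0; $i -lt 168; $i++) {
        $byte = [int] $LogonHours[$i -shr 3]
        $utc[$i] = ($byte -band (1 -shl ($i -band 7))) -ne 0
    }

    $days = 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'
    for ($d = 0; $d -lt 7; $d++) {
        $groups = for ($g = 0; $g -lt 8; $g++) {
            $bits = for ($h = 3 * $g; $h -lt 3 * $g + 3; $h++) {
                # Local hour of the week -> UTC hour of the week, wrapping at 168.
                $u = ((24 * $d + $h + $BiasHours) % 168 + 168) % 168
                if ($utc[$u]) { '1' } else { '0' }
            }
            -join $bits
        }
        '{0}  {1}' -f $days[$d], ($groups -join ' ')
    }
}

# Constructed sample: Mon-Fri 07:00-18:00 local time at a site 8 hours behind UTC.
# In UTC that is 15:00-24:00 on the same day plus 00:00-02:00 on the next day.
[byte[]] $sample = 0x00, 0x00, 0x00,  0x00, 0x80, 0xFF,  0x03, 0x80, 0xFF,
                   0x03, 0x80, 0xFF,  0x03, 0x80, 0xFF,  0x03, 0x80, 0xFF,
                   0x03, 0x00, 0x00

ConvertTo-LogonHoursGrid -LogonHours $sample -BiasHours 8   # local-time view
ConvertTo-LogonHoursGrid -LogonHours $sample -BiasHours 0   # same bytes viewed in UTC
ConvertTo-LogonHoursGrid -LogonHours $null                  # attribute not configured
```

Running the same bytes with two bias values shows why a report produced in one time zone does not match one produced in another: the stored bits are identical, only the offset applied when reading them differs.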
Each user results in either 2 lines of output if the logonHours attribute is not configured, or 11
lines of output. The output can be redirected to a text file by running the program at a command
prompt with the cscript host. For example, to create the file report.txt with the logon hours
documented for all users, use the following command at a command prompt:
cscript //nologo AllUsersLogonHours.vbs > report.txt
This assumes that the program AllUsersLogonHours.vbs is in the current directory. Otherwise you
must specify the full path to the program. The file report.txt is created in the current directory.
AllUsersLogonHours.txt <<-- Click here to view or download the program
An equivalent PowerShell script is linked below.
PSAllUsersLogonHours.txt <<-- Click here to view or download the program