A PowerShell script has been developed to assign the logonHours property of users from the information in an input file. The input file is a comma delimited file, specifying the Distinguished Names of the users, and 7 binary strings for each user designating the hours in the week when the user is allowed to logon to the domain.

The LogonHours property has Active Directory syntax OctetString, which is a "Byte Array". The program converts the the 7 strings into an array of 21 bytes, which is 168 bits, one for each hour of the week. A bit with value zero means the user is not allowed to logon for that hour. A bit with value one means the user is allowed to logon. The array is offset by the time zone bias (in hours) stored in the machine registry. This bias is the offset from UTC (Coordinated Universal Time) for the time zone set in the computer. The LogonHours property is stored in Active Directory in UTC.

The input comma delimited file has 8 fields. A header line defines the fields. The first field is the Distinguished Name of the user. Since Distinguished Names have embedded commas, the value must be enclosed in double quote characters. The following 7 fields on each line are strings representing the 7 days in a week. Each string is a series of 24 0's and 1's, one for each hour in a day. The digits can be separated by spaces, dashes, plus signs, or slashes to make them easier to read. An example of the input file with just two lines, the header line and a line for one user follows. Note that the second line word wraps below due to the length, but it is one line:

"cn=Jim Smith,ou=West,dc=MyDomain,dc=com",000 000 000 000 000 000 000 000,000 000 011 111 111 111 000 000,000 000 011 111 111 111 000 000,000 000 011 111 111 111 000 000,000 000 000 000 000 001 111 100,000 000 011 111 111 111 000 000,000 000 001 111 111 000 000 000

This example means the user cannot logon on Sundays (the first string after the Distinguished Name is 24 0's). On Mondays, Tuesdays, Wednesdays, and Fridays the user can logon from 7am until 6pm (a total of 11 hours). On Thursdays the user can logon from 5pm until 10pm (5 hours) and on Saturday from 8am until 3p (7 hours). You can create such a file from a spreadsheet, exporting in comma delimited format.

This program only requires PowerShell V1.

PSSetLogonHours.txt <<-- Click here to view or download the program