How to get the computers that a user is allowed to logon on AD with PowerShell

I have to make a script to add a computer to the list of computers that a user is allowed to log on to in Active Directory. My situation is that if I have to change the name of a computer, I have to set the new name for all the users that were allowed to log on to the old computer name. So I have to search each user's computer logon list to see if the old name is there, and then remove the old computer and add the new one. How can I do this using a PS script?


  • Edited by MDeitos Thursday, June 18, 2015 5:22 PM
June 18th, 2015 5:21pm

Start with Help Get-AdUser and Set-Aduser.

Read all of the help. Use the online version as it is easier to follow when you are just learning.

June 18th, 2015 5:47pm

Hi MDeitos,

Did you mean to set the LogonWorkstations property on the AD user? In this case, please refer to the script below to start, which checks whether the current LogonWorkstations value contains the old computer name; if yes, the script will replace the old computer name with the new one.

If you want to run the script against AD users in bulk, please use the Foreach cmdlet to loop:

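# Get the current comma-separated list of computer names that anna can log on to
$UserProperties = Get-ADUser -Identity anna -Properties LogonWorkstations | Select-Object -ExpandProperty LogonWorkstations
$NEWcomp = "new"
$oldcomp = "old"
# Compare whole names, so that "old" does not also match "old2" or "bold"
$names = @($UserProperties -split ',' | Where-Object { $_ })
if ($names -contains $oldcomp) {
    # Replace the old computer name with the new computer name
    $new = @($names | ForEach-Object { if ($_ -eq $oldcomp) { $NEWcomp } else { $_ } }) -join ','
    $new
    Set-ADUser -Identity anna -LogonWorkstations $new
}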

If there is anything else regarding this issue, please feel free to post back.

Best Regards,

Anna Wang


June 21st, 2015 3:15am

FYI

Here is a somewhat simpler method.

$user = Get-ADUser -Identity anna -Properties LogonWorkstations
# LogonWorkstations is one comma-separated string: split it, drop $old, add $new, then rejoin
$names = @($user.LogonWorkstations -split ',' | Where-Object { $_ -and $_ -ne $old }) + $new
$user.LogonWorkstations = ($names | Select-Object -Unique) -join ','
Set-ADUser -Instance $user
June 21st, 2015 3:32am

Hi,

Please also note that the LogonWorkstations property only accepts a string with a single comma-separated list:

https://technet.microsoft.com/en-us/library/ee617215.aspx

If there is anything else regarding this issue, please feel free to post back.

Best Regards,

Anna Wang

June 21st, 2015 3:42am
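
Added example, not part of any post above: the bulk loop suggested in the thread, applied to every user whose comma-separated LogonWorkstations list contains the old name as an exact entry. The helper name Rename-LogonWorkstationEntry and the computer names are constructed for illustration, and -WhatIf is left on so the run only reports what would change.

```powershell
# Added example: the helper name and the computer names below are constructed.
Import-Module ActiveDirectory

function Rename-LogonWorkstationEntry {
    # Pure string helper: returns the rewritten list, or $null when $OldName is not an exact entry.
    param(
        [string]$List,
        [Parameter(Mandatory)][string]$OldName,
        [Parameter(Mandatory)][string]$NewName
    )
    $names = @($List -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($names -notcontains $OldName) { return $null }
    $seen = @{}   # hashtable keys are case-insensitive, like computer names
    $result = foreach ($n in $names) {
        $name = if ($n -eq $OldName) { $NewName } else { $n }
        # Skip duplicates, e.g. when the new name was already on the list
        if (-not $seen.ContainsKey($name)) { $seen[$name] = $true; $name }
    }
    return ($result -join ',')
}

$old = 'PC-OLD01'   # constructed sample names; assumed to contain no LDAP filter metacharacters
$new = 'PC-NEW01'

# The substring filter narrows the search server-side (userWorkstations is the LDAP attribute
# behind LogonWorkstations); exact matching of whole names happens in the helper.
Get-ADUser -LDAPFilter "(userWorkstations=*$old*)" -Properties LogonWorkstations |
    ForEach-Object {
        $updated = Rename-LogonWorkstationEntry -List $_.LogonWorkstations -OldName $old -NewName $new
        if ($null -ne $updated) {
            # Emit a before/after record so the change can be reviewed or exported
            [pscustomobject]@{ User = $_.SamAccountName; Before = $_.LogonWorkstations; After = $updated }
            Set-ADUser -Identity $_ -LogonWorkstations $updated -WhatIf   # remove -WhatIf to apply
        }
    }
```

Users whose list only contains a longer name that includes the old one (for example PC-OLD012) are returned by the filter but left unchanged, because the helper returns $null for them.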
