In this guide, I’ll show you how to get user logon hours in Active Directory.
By default, Active Directory user accounts are allowed to log on at all hours. You can view or modify the logon hours by clicking the Account tab and then clicking Logon Hours.
You will then get the window below that shows the user’s logon hours for all days of the week.
The problem is… Active Directory stores the user’s logon hours in a 21-byte array. This makes it difficult to read when trying to create a report for all users.
To display a user’s logon hours with PowerShell, use this command.
Get-ADUser -Identity adam.hickey -Properties LogonHours | Select-Object Name, LogonHours
But as you can see below, PowerShell does not display the logon hours in an easy-to-read format.
That is not a very useful report. Below I’ll show you a logon hours report that is much easier to read and can quickly be generated for all domain users.
Easy to Read Logon Hours Report for All Users
Our Active Directory Reporting software now includes an easy-to-read logon hours report.
To run the report, click on Logon Reports > Logon Hours Report.
You can run the report for all users or click “Browse” to select an OU.
See the example report below.
As you can see, it converts the binary data into an easy-to-read format for each user.
You can export the report by clicking the export button and selecting CSV, Excel or PDF.
- If a day says “Not Set” it means the default logon hours have not been changed. This means all hours are allowed.
- If a day is blank, it means all logon hours are denied.
- If a day lists a time frame, it means the user can log on only during that time.
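For readers who want to see what is inside the 21-byte array, here is an added PowerShell example (not part of the original guide and not the AD Pro Toolkit's own code) that decodes a LogonHours value into per-day ranges using the same "Not Set" and blank conventions as the list above. The function name ConvertFrom-LogonHours and the sample value are made up for illustration; the attribute holds one bit per hour of the week in UTC, starting at Sunday 00:00.

```powershell
# Added example (not from the original page): decode logonHours into UTC hour ranges.
function ConvertFrom-LogonHours {
    param([byte[]]$LogonHours)

    $days = 'Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

    # Attribute not populated: default, all hours allowed.
    if ($null -eq $LogonHours -or $LogonHours.Length -eq 0) {
        return $days | ForEach-Object { [pscustomobject]@{ Day = $_; AllowedUtc = 'Not Set' } }
    }
    if ($LogonHours.Length -ne 21) {
        throw "logonHours must be 21 bytes, got $($LogonHours.Length)"
    }

    for ($d = 0; $d -lt 7; $d++) {
        $ranges = @()
        $start  = -1
        # Hour 24 is a sentinel that closes a range still open at midnight.
        for ($h = 0; $h -le 24; $h++) {
            $allowed = $false
            if ($h -lt 24) {
                # One bit per hour of the week; bit 0 of byte 0 is Sunday 00:00 UTC.
                $bit     = $d * 24 + $h
                $allowed = ($LogonHours[$bit -shr 3] -band (1 -shl ($bit -band 7))) -ne 0
            }
            if ($allowed -and $start -lt 0) {
                $start = $h
            } elseif (-not $allowed -and $start -ge 0) {
                $ranges += '{0:00}:00-{1:00}:00' -f $start, $h
                $start = -1
            }
        }
        # A blank AllowedUtc means every hour of that day is denied.
        [pscustomobject]@{ Day = $days[$d]; AllowedUtc = ($ranges -join ', ') }
    }
}

# Constructed sample value: Monday to Friday, 09:00-17:00 UTC allowed, all else denied.
$sample = New-Object byte[] 21
foreach ($d in 1..5) {
    foreach ($h in 9..16) {
        $bit = $d * 24 + $h
        $sample[$bit -shr 3] = $sample[$bit -shr 3] -bor (1 -shl ($bit -band 7))
    }
}
ConvertFrom-LogonHours -LogonHours $sample | Format-Table -AutoSize
```

To use it on a real account, pass the LogonHours property returned by the Get-ADUser command shown earlier. The ranges are in UTC, so they can appear shifted compared with the Logon Hours dialog, which displays local time.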
Download a Free Trial of AD Pro Toolkit and try the logon hours report in your domain.