Logon Hours Report Active Directory Users

by Leave a comment
Active Directory logon hours report for all users

In this guide, I’ll show you how to generate a Logon Hours report for all users in Active Directory.

By default, Active Directory user accounts are allowed to logon at all hours. You can view or modify the logon hours by clicking the account tab and then clicking Logon Hours.

You will then get the window below that shows the user’s logon hours for all days of the week.

The problem is… Active Directory stores the user’s logon hours into a 21-byte array. This makes it difficult to read when trying to create a report on all users.

Displaying the logon hours with PowerShell looks like this.

That is not a very useful report. Below I’ll show you a logon hours report that is much easier to read and can quickly be generated for all domain users.

Easy to Read Logon Hours Report for All Users

Our Active Directory Reporting software now includes an easy to read logon hours report.

To run the report click on Reports -> Users -> Users Logon Hours

As you can see the logon report below is split into three blocks of 8 bits for each weekday.

See the example report below.

Report Details

  • The logon hours are split into 3 blocks.
  • 0 = Denied
  • 1 = Allowed
  • Each bit represents 1 hour
    • Block 1 = 12AM to 8AM
    • Block 2 = 8AM to 4PM
    • Block 3 = 4PM to 12AM
  • Not Set = This means the logon hours have not been modified which by default allows the account to logon at all hours.

Example 1

Let’s look at the user Alice.Mills

  • Saturday & Sunday is set to all 0s. 0 means deny logon so Alice cannot logon at any hour on Sunday.
  • Weekdays are all set to 1. 1 means allow logon so Alice can logon at all hours of the weekdays.

Example 2

Let’s look at Alyce Henry which has more restrictive logon hours.

  • Sunday – All 0s. So Alyce cannot logon on Sunday.
  • Weekdays
    • 1st block is all 0s. This means the user cannot logon between the hours of 12AM to 8AM.
    • 2nd block is all 1s. This means the user can logon between the hours of 8AM to 4PM.
    • 3rd block has the first two bits as 1 and the rest as 0. This means the user can also logon between 4PM and 6PM.
    • To summarize this user can logon between the hours of 8AM to 6PM during the weekdays. Sunday and Saturday are denied.

To export the report to CSV just click the export button, then Export to CSV.

Logon hours report exported to CSV.

Download a Free Trial of AD Pro Toolkit and try the logon hours report in your domain.

Related Content

Get All Users Last Logon Date

List all Disabled Users in Active Directory

Leave a Comment