JSI Tip 9273. How can I set more than 8 workstations into a user's 'Logon Workstations' from the command line?

When you use the NET USER command, the /workstations: switch is limited to defining 8 workstation that a user can log on to.

When you use the DSADD USER or DSMOD USER Active Directory command-line tool, the ability to set the userWorkstations attribute is NOT included.

I have scripted userWorkstations.bat to allow you to set more that 8 workstations into a user's userWorkstations attribute.

The syntax for using userWorkstations.bat is:

userWorkstations UserDN LogonTo UWOK


UserDN   is the Distinguished Name of the user you wish to maintain.

LogonTo  is a sting of NetBIOS computer names, separated by commas, that you wish to allow the user to logging on to.

UWOK     is a call directed environment variable that will contain a
         Y if the maintenance was successful, or an N if the maintenance failed.
NOTE: userWorkstations.bat use AdMod.exe, which must be located in a folder that is in your PATH.

NOTE: I don't know what the absolute maximum number of workstations that you can configure is, but I gave up testing after reaching a large number.

userWorkstations.bat contains:

@echo off
if \{%3\}==\{\} @echo userWorkstations UserDN LogonTo UWOK&goto :EOF
set UWOK=N
set userDN=%1
set LogonTo=%2
set LogonTo=%LogonTo:"=%
call :quiet>nul 2>&1
endlocal&set %3=%UWOK%
goto :EOF
for /f "Tokens=*" %%a in ('admod -b %userDN%  "userWorkstations:-"^|Find "The command completed successfully"') do (
 set UWOK=Y
if "%UWOK%" EQU "N" goto :EOF
set UWOK=N
for /f "Tokens=*" %%a in ('admod -b %userDN%  "userWorkstations:+:%LogonTo%"^|Find "The command completed successfully"') do (
 set UWOK=Y

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.