Share via

Changing "Sessions" information on user account in Active Directory with Powershell

  • Article

Doing some digging with a teammate today it was incredibly difficult to find information on how to automate the settings change of the Sessions tab on a user object.  Different paths indicate we need to edit the userParameters attribute but you've probably found that it's a binary blob and not easily manageable.  Perhaps you went down the iadstsuserex road as well.  If so, you might want to take a shower and come back now...

Well without further ado, here it is! 

 

# Get the current settings

$admin = [adsi]'LDAP://CN=Administrator,CN=Users,DC=extestdc,DC=extest,DC=microsoft,DC=com'

$admin.psbase.InvokeGet('MaxIdleTime')

$admin.psbase.InvokeGet('MaxConnectionTime')

$admin.psbase.InvokeGet('MaxDisconnectionTime')

# Update to new values in minutes...

$admin.psbase.InvokeSet('MaxIdleTime', 5)

$admin.psbase.InvokeSet('MaxConnectionTime', 1000)

$admin.psbase.InvokeSet('MaxDisconnectionTime', 200)

$admin.psbase.CommitChanges()

# Validate

$admin = [adsi]'LDAP://CN=Administrator,CN=Users,DC=extestdc,DC=extest,DC=microsoft,DC=com'

$admin.psbase.InvokeGet('MaxIdleTime')

$admin.psbase.InvokeGet('MaxConnectionTime')

$admin.psbase.InvokeGet('MaxDisconnectionTime')

 

So that is how you do it in powershell.  Hopefully someone searching for this topic in the future will find this.

 

-B

Comments

  • Anonymous
    January 01, 2003
    Much easier than vbs.

  • Anonymous
    July 17, 2014
    Found it !
    Thanks

  • Anonymous
    July 28, 2015
    The comment has been removed