Changing "Sessions" information on a user account in Active Directory with PowerShell


Doing some digging with a teammate today, it was incredibly difficult to find information on how to automate changing the settings on the Sessions tab of a user object.  Different paths indicate we need to edit the userParameters attribute, but you’ve probably found that it’s a binary blob and not easily manageable.  Perhaps you went down the IADsTSUserEx road as well.  If so, you might want to take a shower and come back now…

Well, without further ado, here it is!

# Get the current settings
$admin = [adsi]'LDAP://CN=Administrator,CN=Users,DC=extestdc,DC=extest,DC=microsoft,DC=com'
$admin.psbase.InvokeGet('MaxIdleTime')
$admin.psbase.InvokeGet('MaxConnectionTime')
$admin.psbase.InvokeGet('MaxDisconnectionTime')

# Update to new values in minutes…
$admin.psbase.InvokeSet('MaxIdleTime', 5)
$admin.psbase.InvokeSet('MaxConnectionTime', 1000)
$admin.psbase.InvokeSet('MaxDisconnectionTime', 200)
$admin.psbase.CommitChanges()

# Validate
$admin = [adsi]'LDAP://CN=Administrator,CN=Users,DC=extestdc,DC=extest,DC=microsoft,DC=com'
$admin.psbase.InvokeGet('MaxIdleTime')
$admin.psbase.InvokeGet('MaxConnectionTime')
$admin.psbase.InvokeGet('MaxDisconnectionTime')

So that is how you do it in PowerShell.  Hopefully someone searching for this topic in the future will find this.

-B
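
The same InvokeGet calls can be used read-only to audit the Sessions limits across many accounts instead of one. This is an added example, not code from the original post; the function name Get-SessionLimitAudit, its parameters, the default thresholds, the sample search base and the reading of 0 as "no limit" are assumptions.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Get-SessionLimitAudit, its parameters and the default thresholds are hypothetical.
function Get-SessionLimitAudit {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SearchBase,                 # e.g. 'LDAP://OU=Staff,DC=example,DC=com' (constructed)
        [int]$MaxIdleMinutes = 15,           # policy ceiling for MaxIdleTime
        [int]$MaxDisconnectedMinutes = 60    # policy ceiling for MaxDisconnectionTime
    )

    $searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'
    $searcher.SearchRoot = [adsi]$SearchBase
    $searcher.PageSize   = 500               # page results so large containers are fully enumerated

    $results = $searcher.FindAll()
    try {
        foreach ($result in $results) {
            $dn   = [string]$result.Properties['distinguishedname'][0]
            $user = $result.GetDirectoryEntry()
            try {
                # Read-only: the same property names the post sets with InvokeSet
                $idle = [int]$user.psbase.InvokeGet('MaxIdleTime')
                $conn = [int]$user.psbase.InvokeGet('MaxConnectionTime')
                $disc = [int]$user.psbase.InvokeGet('MaxDisconnectionTime')
            } catch {
                # Report and move on if this host cannot resolve the properties for the account
                Write-Warning "Could not read session limits for ${dn}: $($_.Exception.Message)"
                continue
            } finally {
                $user.Dispose()
            }

            # Assumption: 0 means "no limit" (shown as "Never" on the Sessions tab)
            $idleOk = ($idle -gt 0) -and ($idle -le $MaxIdleMinutes)
            $discOk = ($disc -gt 0) -and ($disc -le $MaxDisconnectedMinutes)

            [pscustomobject]@{
                DistinguishedName    = $dn
                MaxIdleTime          = $idle
                MaxConnectionTime    = $conn
                MaxDisconnectionTime = $disc
                Compliant            = $idleOk -and $discOk
            }
        }
    } finally {
        $results.Dispose()                   # SearchResultCollection holds unmanaged resources
    }
}
```

Pipe the output through `Where-Object { -not $_.Compliant }` to list only the accounts whose idle or disconnected-session limits are missing or above the chosen ceilings.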

Comments (3)

  1. Anonymous says:

    Much easier than vbs.

  2. Jason says:

    Found it!
    Thanks

  3. Jane says:

    I’m getting: Exception calling "InvokeSet" with "2" argument(s): "Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))"
    At line:3 char:24
    + $admin.psbase.InvokeSet <<<< (‘MaxIdleTime’, 5)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    what am I doing wrong? 🙁