JEAZ The bump and grind of daily SysAdmin life


Set Network Access Permission with PowerShell natively!

On the Active Directory Dial-in tab there is a section titled Network Access Permission which many VPN systems use to control access on a per-account basis.

You can set the value of this property using native PowerShell commands!

Get-ADUser -Filter {samaccountname -eq "AccountNameHere"} -SearchBase "OU=Some OU, DC=domain, DC=local" | Set-ADUser -Clear msNPAllowDialIn

Get-ADUser -Filter {samaccountname -eq "AccountNameHere"} -SearchBase "OU=Some OU, DC=domain, DC=local" | Set-ADUser -Add @{msNPAllowDialIn=$FALSE}

Comments (0) Trackbacks (0)
  1. Thanks

    You skip the first clear by using -replace instead of -Add

    Get-ADUser -Filter {samaccountname -eq “AccountNameHere”} -SearchBase “OU=Some OU, DC=domain, DC=local” | Set-ADUser -replace @{msNPAllowDialIn=$FALSE}

  2. I use this command and it also works
    Get-ADUser -identity username -Properties msNPAllowDialin | Set-ADUser -Replace @{msNPAllowDialin=$false}

Leave a comment

No trackbacks yet.