# Name: Set-LastLoggedOnUser
# Author: James Schlackman
# Last Modified: May 31 2019
#
# Sets the last logged on user on the Windows login screen to a specified AD user. Will first check
# for a user in the managedBy attribute of the current computer and offer the option to use that
# user automatically. If declined, prompts for an AD username to use instead.
#
# This script uses ADSI for AD queries instead of the ActiveDirectory module since that module is not
# installed by default on standard workstations.
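# Writing under HKLM requires an elevated session; fail up front with a clear
# message instead of partway through the registry writes.
#Requires -RunAsAdministrator

# Connect to the default domain through ADSI (no ActiveDirectory module dependency).
$rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://RootDSE")
$Domain = $rootDse.DefaultNamingContext
$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Domain")

#######################################
# Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
# Every value that is interpolated into $searcher.Filter below goes through
# here, so '(' ')' '*' '\' and NUL in a typed username -- or in a DN such as
# "CN=Smith (Jane),OU=..." -- cannot change the structure of the filter.
# Arguments: $Value - raw attribute value
# Outputs:   the escaped value on the pipeline
#######################################
function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [String]$Value
    )
    # Backslash first, so the escape sequences added afterwards are not re-escaped.
    $escaped = $Value.Replace('\', '\5c')
    $escaped = $escaped.Replace('*', '\2a')
    $escaped = $escaped.Replace('(', '\28')
    $escaped = $escaped.Replace(')', '\29')
    $escaped = $escaped.Replace("`0", '\00')
    return $escaped
}

#######################################
# Return the first value of an attribute on a SearchResult, or $null when the
# attribute is absent or empty. SearchResult.Properties[...] is a value
# collection, not a scalar, so callers that need a string or byte[] take [0].
# Arguments: $Result - System.DirectoryServices.SearchResult
#            $Name   - LDAP attribute name (case-insensitive)
# Outputs:   the first attribute value, or $null
#######################################
function Get-AdPropertyValue {
    param(
        [Parameter(Mandatory = $true)]
        [System.DirectoryServices.SearchResult]$Result,
        [Parameter(Mandatory = $true)]
        [String]$Name
    )
    $values = $Result.Properties[$Name]
    if ($null -ne $values -and $values.Count -gt 0) {
        return $values[0]
    }
    return $null
}

# Get the computer name from the environment.
$ComputerName = $env:COMPUTERNAME

# Find a single computer account matching this name in the current domain.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectClass=computer)(name=$(ConvertTo-LdapFilterValue $ComputerName)))"
[System.DirectoryServices.SearchResult]$compAccount = $searcher.FindOne()

# Initialised up front so the checks below never read an undefined variable
# (e.g. when managedBy is not set and the first prompt is skipped).
$response = ''
$userDN = ''

# If we found the computer, look at its managedBy attribute.
if ($compAccount) {
    # managedBy holds the DN of the designated owner, if one is set.
    [String]$managedBy = Get-AdPropertyValue $compAccount 'managedBy'
    if ($managedBy) {
        # Confirm whether to use this user.
        Write-Host "`nFound the following primary user of this workstation:" -ForegroundColor Green
        Write-Host "$managedBy`n`nSet this user as the last logged-on user? (Y/N): " -NoNewline
        $response = (Read-Host).ToUpper()
    }

    if ($response -eq 'Y') {
        $userDN = $managedBy
    } else {
        $userDN = ''
        # Prompt until a username resolves to an AD user object.
        while ($userDN -eq '') {
            Write-Host "`nEnter a username to find in AD: " -NoNewline
            $findName = Read-Host
            # An empty sAMAccountName would produce an invalid filter; just ask again.
            if ([String]::IsNullOrWhiteSpace($findName)) {
                continue
            }
            # Find the corresponding AD object; the typed name is escaped for the filter.
            $searcher.Filter = "(&(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $findName)))"
            [System.DirectoryServices.SearchResult]$userAccount = $searcher.FindOne()
            if ($userAccount) {
                $userDN = [String](Get-AdPropertyValue $userAccount 'distinguishedName')
            } else {
                Write-Host "Could not find that user in AD." -ForegroundColor Red
            }
        }
        # Confirm whether to use this user.
        Write-Host "`nFound this user in AD:" -ForegroundColor Green
        Write-Host "$userDN`n`nSet this user as the last logged-on user? (Y/N): " -NoNewline
        $response = (Read-Host).ToUpper()
    }

    if ($response -eq 'Y') {
        # Re-query the user by DN to load the attributes needed for the registry.
        # Escaping matters here too: DNs may legitimately contain '(' ')' or '\'.
        $searcher.Filter = "(distinguishedName=$(ConvertTo-LdapFilterValue $userDN))"
        $searcher.PropertiesToLoad.AddRange(("msDS-PrincipalName","displayName","objectSid"))
        [System.DirectoryServices.SearchResult]$user = $searcher.FindOne()

        if ($user) {
            # Pull scalar values out of the attribute collections so the registry
            # receives plain strings rather than collection objects.
            $principalName = [String](Get-AdPropertyValue $user 'msDS-PrincipalName')
            $displayName = [String](Get-AdPropertyValue $user 'displayName')
            $sidBytes = Get-AdPropertyValue $user 'objectSid'
            # objectSid is the binary SID; SecurityIdentifier(byte[], offset) decodes it.
            $userSid = (New-Object System.Security.Principal.SecurityIdentifier $sidBytes, 0).Value

            # Populate the LogonUI values that the login screen reads for "last logged on user".
            $logonUI = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI"
            Set-ItemProperty -Path $logonUI -Name "LastLoggedOnDisplayName" -Value $displayName
            Set-ItemProperty -Path $logonUI -Name "LastLoggedOnUser" -Value $principalName
            Set-ItemProperty -Path $logonUI -Name "LastLoggedOnSAMUser" -Value $principalName
            Set-ItemProperty -Path $logonUI -Name "LastLoggedOnUserSID" -Value $userSid
            Write-Host "`n$principalName ($displayName) set as last logged on user."
        } else {
            # The DN came from a previous query, so this normally means it changed
            # between lookups or the account is no longer readable.
            Write-Host "Could not retrieve the user object for $userDN from AD." -ForegroundColor Red
        }
    }
}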