Is there any way to query a list of users who can access a VPN connection in Windows Server 2008 R2
Is the main thing that controls the ability to connect to VPN for a given user just depend on the settings on the Dial In tab?
Yes, and you can get it with PowerShell (run on a domain controller) like this:
$usernames = Get-ADUser -Filter * | select -ExpandProperty SamAccountName
foreach ($username in $usernames) {
$dialin = Get-ADUser $username -Properties * | select -ExpandProperty msNPAllowDialin
if ($dialin -eq "True") {
Write-Output $username
}
}
Alternatively, you can get it from a command-prompt (run on a domain controller) using dsquery
:
dsquery * -Filter "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
Related videos on Youtube
Steve Reeder
Updated on September 18, 2022Comments
-
Steve Reeder over 1 year
I was wondering if it is possible to query (powershell, ADUC, etc) and generate a list of users who are able to login to a VPN server running on Windows Server 2008 R2?
Is the main thing that controls the ability to connect to VPN for a given user just depend on the settings on the Dial In tab?
Edit
For Techie007, here is the error output
Select-Object : Cannot process argument because the value of argument "obj" is null. Change the value of argument "obj" to a non-null value. At C:\Users\itsupport\function.ps1:5 char:58 + $dialin = Get-ADUser $username -Properties * | select <<<< -ExpandProper ty msNPAllowDialin + CategoryInfo : InvalidArgument: (:) [Select-Object], PSArgument NullException + FullyQualifiedErrorId : ArgumentNull,Microsoft.PowerShell.Commands.Selec tObjectCommand
The above output gets printed out over and over and over, and then it will print a single username, and then show the error again, and then print another username, and then show the error again. Any idea as to why it is doing that?
-
Steve Reeder over 7 yearsadding error output to original question. the first one worked, somewhat, but with some error output between each username..
-
Ƭᴇcʜιᴇ007 over 7 yearshmm, which version of PowerShell are you using (
$psversiontable.PSVersion
run in PowerShell will tell you)? -
Steve Reeder over 7 yearsLooks like PowerShell v2 :( I was able to filter out the errors and get the data I needed from your first PowerShell script.
-
Steve Reeder over 7 yearsBTW Techie007, you have saved my ass so many times. I just wanted to be sure you were aware how much I appreciate your help. Thank you!
-
Ƭᴇcʜιᴇ007 over 7 yearsNo problem Richie, I appreciate it. ;) PS: 2008R2 support up to PowerShell Version 5 (latest right now). You should AT LEAST upgrade it to PS3, as 3 is significantly better than 2. If you're not running an older Exchange or SBS version, you could even go to v5 (but double check/google compatibility with services you have running before doing that).
-
Steve Reeder over 7 yearsI'd love to upgrade, but I'm on a project that will only be ongoing for another day and this is a production environment that I am not responsible for. If they want to upgrade they can, but I always try to be hands off when it comes to someone else's production environment.