Clear Out Legacy Logon Script Values from AD

Need a way to clear out legacy logon script values from your AD users? Follow along with this guide for some quick PowerShell snippets to assist:


First, let's find all users that may have a logon script associated with their user account and export this list to a CSV file using the following PowerShell command:

Get-ADUser -Filter {ScriptPath -like '*'} -Properties ScriptPath | select name, SID, ScriptPath | Export-Csv C:\work\users_with_scriptpath.csv -NoTypeInformation

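Open the CSV file and validate each logon script. If you're not sure whether a script is still required, delete that user's line so the account is left untouched; every line that remains will have its ScriptPath cleared in the next step. Save the file as a CSV file after you're finished.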


Next, let's put together our PowerShell script and save it as ClearScriptPath.ps1:

Import-Csv "c:\work\users_with_scriptpath.csv" | ForEach-Object {
    Set-ADUser -Identity $($_.SID) -Clear ScriptPath
}

This script uses your CSV as a source and iterates over each line extracting the SID.  Then it clears out the "ScriptPath" for each line.
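A guarded variant of the clearing step, added here as an example and not part of the original guide: it re-reads each account, clears ScriptPath only if the live value still matches the reviewed CSV, honors -WhatIf for a dry run, and writes the old values to a report so any entry can be restored. The -CsvPath and -RollbackPath parameters, the status labels and the C:\work\scriptpath_rollback.csv path are assumptions chosen for this example.

```powershell
# Added example: guarded variant of ClearScriptPath.ps1 (not the original author's script).
# Assumed names: -CsvPath, -RollbackPath and C:\work\scriptpath_rollback.csv.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$CsvPath      = 'C:\work\users_with_scriptpath.csv',
    [string]$RollbackPath = 'C:\work\scriptpath_rollback.csv'
)

Import-Module ActiveDirectory -ErrorAction Stop

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $status = 'Cleared'
    try {
        # Re-read the live value so we never act on stale CSV data.
        $user = Get-ADUser -Identity $row.SID -Properties ScriptPath -ErrorAction Stop

        if ([string]::IsNullOrEmpty($user.ScriptPath)) {
            $status = 'AlreadyEmpty'
        }
        elseif ($user.ScriptPath -ne $row.ScriptPath) {
            # Value changed after the export: leave it for a second review.
            $status = 'ChangedSinceExport'
        }
        elseif ($PSCmdlet.ShouldProcess($user.SamAccountName, "Clear ScriptPath '$($user.ScriptPath)'")) {
            Set-ADUser -Identity $user -Clear ScriptPath -ErrorAction Stop
        }
        else {
            # -WhatIf was passed or the confirmation prompt was declined.
            $status = 'NotCleared'
        }
    }
    catch {
        $status = "Error: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Name          = $row.Name
        SID           = $row.SID
        OldScriptPath = $row.ScriptPath
        Status        = $status
    }
}

# Write the report even during a -WhatIf run; old values can be restored with Set-ADUser -ScriptPath.
$results | Export-Csv -Path $RollbackPath -NoTypeInformation -WhatIf:$false
$results | Group-Object Status | Select-Object Name, Count
```

Run it once with -WhatIf and review the status counts before running it for real.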


Just a couple of PowerShell lines save you from the tedious process of clicking on each individual user in your OU and verifying what logon scripts may exist.