Link to home
Start Free TrialLog in
Avatar of dommurray
dommurray

asked on

How to find out which user is logged into which PC using active directory

Is there an easier way in Active Directory, without having to trawl through event logs, of seeing what username is logged into a particular PC at the time of lookup (i.e. realtime)? Back in the days of NT4 and WINS I could search WINS database for a username that had registered messenger service entry, get the IP address the registration came from and then do a lookup of the PC name from that IP address. As the Active Directory environment no longer uses WINS I am looking for an equivalent method, can anyone help? A feature in standard AD would be best but if there is a third party product that can help then I'd like to hear about that also.
Thanks

I should also note that it's a lookup where I know the username already but need to know what PC they are logged into.
Avatar of oBdA
oBdA

Avatar of dommurray

ASKER

thanks oBdA

I've tried this but it appears to scan each PC in AD and reports back if that user has logged onto that machine by checking the registry, though I know you can get the last login time; I have found that this can be a little slow in the enterprise and as the specific individual I am checking has logged onto many machines in the past as part of their work I get a large list back. I am looking for something that's a little more specific and "live"

Thanks for the reply though
then you must think of a script which is the easier way.
ASKER CERTIFIED SOLUTION
Avatar of Speshalyst
Speshalyst
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
If you have no idea of what machine the user is either using directly (i.e. their workstation name) or they are accessing (i.e. their authenticating server or the name of a server they manually access), then try the Security log for your FSMO role holder. One of the FSMO roles (I think it's either RID Master or PDC Emulator) should log an event for everyone who logs on and off of the domain. That event will contain the name of the box from which the request originates, which will be their workstation or the name of any box they try to RD into. Filter for event ID 540.

Short of using scripts or PS tools to scan the registry of every box on your network, this is the only way I know of to do this.

-Rob
Well I don't know if the OP was ever able to use any of the listed solutions, but without going to a third party solution the only way I know of to accomplish this taks is via the methd I listed or to use some sort of tracking script that fires at logon. You can use 3rd party utilities to track this information as well, but they would cost money (often charged per client computer you want to track) and many of them are simply glorified versions of the later option.

-Rob

much easier way .. if you are using domain ofcourse is:

filter the security log on the DC for the user name  ;)

enjoy
this site sucks