Question

Is there a way to query Active Directory for the user logged onto a give IP Address?

Asked by: stefanx

Is there a way to determine the Active Directory user that is logged onto a given IP Address?
I need to do this from perl using an LDAP lookup.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-08-23 at 01:30:50ID24674429
Tags

Active Directory

Topic

Active Directory

Participating Experts
4
Points
500
Comments
8

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. LDAP
    How to use LDAP with Outlook. General information about LDAP
  2. LDAP Query
    Hello i am new to LDAP. And we are using openLDAP. I have never written any code to access data from LDAP. Neither am i sure whether i must use JNDI or JLDAP(from Novell) to pick data from openLDAP. I have to write a LDAP Query Engine. The functionality is simple. Display ...
  3. Query Adding onto Date
    I need to add 30 days onto a date that is in one of my tables....into a query.... any ideas?
  4. Configuring sendmail to perform LDAP address lookups
    In a nutshell I need to set up a sendmail server (running on CentOS linux) that will look up recipient addresses via LDAP and I'm not having much luck. From what I've read we need to configure sendmail to use LDAP and it looks like I want to use the genericstable for LDAP qu...
  5. MYSQL/LDAP Dual Query - PHP Code to grab mysql data …
    Below is the code to query all the server systems in my database. Next can someone help me take this query and add onto it a sub query that does an ldap lookup to see if these servers are in a particular OU? I know this is a tough one, any help is apreciated! Or if there is...
  6. LDAP query
    Hi We are using Active Directory in our forest. Forest root is kam.com, and we have child domains of emea.kam.com, us.kam.com, canada.kam.com etc. We have a new application we are trying out and it needs to pull information (i.e. members) out. We are in emea.kam.com and a...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: mkline71Posted on 2009-08-23 at 01:39:48ID: 25161817

Not that I know of; there is no IP address attribute that you can query using an LDAP query.

Maybe use a logon script to record the IP address and put it in a text file, but that wouldn't be used for an LDAP query either.

Thanks

Mike

 

by: stefanxPosted on 2009-08-23 at 01:43:05ID: 25161825

How about if I query the reverse DNS to give me the PC name - is there any connection between the PC name and the user that is logged onto it?

 

by: bluntTonyPosted on 2009-08-23 at 01:44:51ID: 25161832

Unfortunately, AD doesn't hold this info.

The nearest you could get would be to interrogate each and every DC's security event logs and look for the last succesful logon attempt for the user, then parse the source workstation IP address from the data in that event log.

Or you could use WMI to connect to a machine by IP address and get the logged on user. A vbscript example i here: http://blogs.msdn.com/alejacma/archive/2008/03/04/how-to-get-the-logged-on-user-with-wmi-vbscript.aspx

You may be able to use this to figure out how to interrogate WMI with PERL. Unfortunately don't know much in the way of PERL so couldn't comment. May be worth adding the PERL zone to this question.

But with regards to using LDAP - this isn't possible as the information doesn't exist in AD.

Tony

 

by: bluntTonyPosted on 2009-08-23 at 01:48:15ID: 25161847

Sorry Mike - must refresh!

stefanx - no, there is no dynamic data stored in AD that tells you what user is logged on where. Not in AD. DC's record events when users log on to machines, so you can query their event logs, but this wouldn't be LDAP, you would need to use WMI.

A more direct approach would be to interrogate the actual machine in question and fnd out the logged on user.

 

by: Chris-DentPosted on 2009-08-23 at 01:59:39ID: 25161886


Scriptomatic can write Perl code if you do end up going down the WMI route :)

http://www.microsoft.com/downloads/details.aspx?FamilyID=09dfc342-648b-4119-b7eb-783b0f7d1178&displaylang=en

If there's a need to track this kind of thing you may consider setting up a logon / logoff script to capture it, interrogating files created by that is far quicker and easier than WMI. There are quite a few variations on that, personally I use a minor variation of this one:

http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx

If it must be server-side and nothing on the client this article describes how events are logged in the Security log:

http://technet.microsoft.com/en-us/library/bb742436.aspx

That can be painful if you have anything more than a couple of DCs.

Chris

 

by: bluntTonyPosted on 2009-08-23 at 04:50:55ID: 25162267

As Chris stated, a good way would be to create a logon/off script to track this.

Another option to a text file might be to keep this info in AD, then you could query this data in your PERL script via LDAP.

For example, employeeID and employeeType are typically not used, and are not shown in ADUC. If this is the case for you, you could have a login script similar to the below. This writes a space-delimited string of the IP addresses of the machine the user is logged on to to 'employeeID'. Then in your PERL script you would use an LDAP filter similar to this:

(&(objectClass=user)(objectCategory=person)(employeeID=*192.168.0.1*))

(Obviously in your script you would build this filter as a string and insert the required IP address between the wildcards)

By creating a similar logoff script which clears employeeID, you can track who is currently logged on to what machine just by performing this query.

For this you would also have to delegate 'SELF' the right to read/write the attribute in question, which can be done easily with the delegation of control wizard in ADUC.

Tony

Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set objIP = CreateObject("Scripting.Dictionary")
Set colAdapters = objWMI.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration Where IPEnabled=True")
 
'Get a space delimited string of the IP addresses on the local machine
For Each adapter In colAdapters
 	For i = LBound(adapter.IPAddress) To UBound(adapter.IPAddress)
 		If Not adapter.IPAddress(i) = "0.0.0.0" And Not objIP.Exists(adapter.IPAddress(i)) Then objIP.Add adapter.IPAddress(i), adapter.IPAddress(i)
 	Next
Next
 
For Each key In objIP.Keys
	strIPs = strIPs & objIP(key) & " "
Next 
 
'Write this string to employeeID against the current user
Set objAD = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & Replace(objAD.UserName,"/","\/"))
objUser.employeeID = strIPs
objUser.SetInfo
 
Set objUser = Nothing
Set objAD = Nothing
Set objWMI = Nothing
Set objIP = Nothing
Set colAdapters = Nothing

                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:

Select allOpen in new window

 

by: snusgubbenPosted on 2009-08-23 at 08:10:49ID: 25162903

We got Cisco works at work that have a utility where you type the username and his IP pops up or visa verca.

I have no clue what the cost is.

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/white_paper_c11-469745.html


SG

 

by: stefanxPosted on 2009-08-23 at 11:50:35ID: 31619333

Thanks to everyone that took the time to answer this question. Even though it would have been great if someone said "Sure, here is how you do it", if it's not in AD then it's not in AD ;)

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...