dstynchula
asked on
How to enumerate last logged-in user for every machine in a domain or OU using AD query?
Is there a way to query an Active Directory 2003 domain and retrieve a list of who is logged in where, or alternatively, query the domain for a specific username and locate the machine that user last logged into?
For example:
A moving company moved a bunch of PCs but got mixed up when they arrived and just plugged random machines into random desks. The machines are labeled by hostname, but the users have no idea what machine belongs to who. Is there a way using an AD query to enumerate machine-name to last logged in user?
All machines are Windows XP pro
All servers are Windows 2003 standard.
If you run a WINS server, the info could be found here.
A free little management tool called DumpSec will generate several user reports including last logged on time by user:
http://www.somarsoft.com/
You may use this free tool:
http://www.somarsoft.com/cgi-bin/download.pl?DumpAcl
After you download this tool, go to Report > Select Computer > DC IP.
After you are connected, go to Report > Dump Users as Table.
Then choose options as needed.
Missed robwill somehow. This is from IT Pro mag:
The Windows 2003 Microsoft Management Console (MMC) Active Directory Users and Computers snap-in provides access to the last logon field through the native Windows interface. Open the snap-in, right-click Saved Queries, and select New, New Query. In the New Query dialog box, enter a name such as Old accounts and click Define Query. In the Find dialog box, make sure Common Queries is selected in the Find drop-down list. Then enter 30 in the Days since last logon field and click OK twice to close the dialog boxes.
Windows will now search the domain and display a list of all the user accounts that haven’t logged on in the past 30 days. The only problem with this method is that Windows doesn’t let you filter out disabled accounts, so you’ll see disabled accounts in addition to dormant accounts that you might still need to disable.
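An added example, not part of the original post or the quoted article: the Common Queries form cannot exclude disabled accounts, but an LDAP filter entered under Custom Search > Advanced in the same Saved Queries dialog can. This Python code builds such a filter from the replicated `lastLogonTimestamp` attribute; it assumes the domain runs at Windows Server 2003 functional level, and the function names are illustrative.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond intervals since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# LDAP_MATCHING_RULE_BIT_AND; userAccountControl bit 0x2 = ACCOUNTDISABLE.
BIT_AND = "1.2.840.113556.1.4.803"
ACCOUNTDISABLE = 2


def to_filetime(moment):
    """Convert an aware datetime to the integer form AD stores in lastLogonTimestamp."""
    delta = moment.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def from_filetime(value):
    """Convert a lastLogonTimestamp value back to a UTC datetime for reporting."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def dormant_enabled_users_filter(days, now=None, include_never_logged_on=False):
    """Build an LDAP filter for enabled user accounts with no logon in `days` days."""
    if days < 0:
        raise ValueError("days must be non-negative")
    now = now or datetime.now(timezone.utc)
    cutoff = to_filetime(now - timedelta(days=days))
    stale = f"(lastLogonTimestamp<={cutoff})"
    if include_never_logged_on:
        # Accounts that have never logged on have no lastLogonTimestamp value at all.
        stale = f"(|{stale}(!(lastLogonTimestamp=*)))"
    return (
        "(&(objectCategory=person)(objectClass=user)"
        f"{stale}"
        f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE})))"
    )


if __name__ == "__main__":
    # Constructed reference time so the output is reproducible.
    sample_now = datetime(2008, 6, 30, 12, 0, tzinfo=timezone.utc)
    print(dormant_enabled_users_filter(30, now=sample_now))
    print(dormant_enabled_users_filter(30, now=sample_now, include_never_logged_on=True))
```

`lastLogonTimestamp` is replicated between domain controllers but can lag the real last logon by up to about two weeks, so treat a 30-day cutoff as approximate.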
ASKER
Thanks for the responses guys, due to the industry this client is in they have very stringent rules on third party software, I was hoping to find a solution in the Active Directory Users and Computers MMC => Saved Queries.
Stafi: your answer is closer to what I'm looking for, except not all of the machines are 30 days old. I was hoping someone knew of a query-foo way to get to the objComputer.UserName.
Any ideas?
ASKER
Laura, Thanks for the help!