Solved

VBS to Retrieve the computer a user is logged on.

Posted on 2009-05-14
8
308 Views
Last Modified: 2012-05-07
I would like to have a script that retrieves computer names in the Active Directory Domain, where a certain user account has logged on, or there is a process running under certain user account.
For instance a script that shows an input box to enter a user account then it searches the domain and retrieves any computer name that has been logged by that user account or if there is any process running with that user account?

Thanks
0
Comment
Question by:jskfan
  • 4
  • 3
8 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 24387781
Paste the script below into a text file with a .vbs extension.  Customize the value of the strContainer variable with the distinguished name of the domain or OU to search under.  Running the script will prompt for the username and then query every computer for processes running under it.

This is necessarily quite slow, as the script has to check every machine.


Const ADS_SCOPE_SUBTREE = 2
 

strContainer = "ou=workstations,dc=yourdomain,dc=local"
 

strUser = InputBox("Enter the user, in the format DOMAIN\USERNAME", "Process Query")
 

On Error Resume Next
 

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"
 

Set objCommand.ActiveConnection = objConnection

objCommand.CommandText = _

    "Select Name From 'LDAP://" & strContainer & "' Where objectCategory='computer'"  

objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
 

Do Until objRecordSet.EOF

    blnFound = False

    strComputer = objRecordSet.Fields("Name").Value
 

    If PingCheck(strComputer, 1, 0) Then

        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

        Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")
 

        For Each objProcess in colProcessList

            objProcess.GetOwner strProcUser, strProcDomain

            If LCase(strProcDomain & "\" & strProcUser) = LCase(strUser) Then

                blnFound = True

            End If

        Next

        

        If blnFound Then

            strList = strList & strComputer & vbCrLf

        End If

    End If

    

    objRecordSet.MoveNext

Loop
 

WScript.Echo "The user " & strUser & _

    " has processes running on the following computers: " & vbCrLf & strList
 

Function PingCheck(strTarget, strPings, intPause)

    Const ForReading = 1

    

    Set objShell = CreateObject("WScript.Shell")

    strTempDir = objShell.ExpandEnvironmentStrings("%temp%")
 

    strTempFile = strTempDir & "\script-" & strTarget & ".txt"
 

    Set objFSO = CreateObject("Scripting.FileSystemObject")

    

    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _

        strTarget & ">" & strTempFile, 0, True

        

    WScript.Sleep intPause

    

    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _

        strTarget & ">>" & strTempFile, 0, True

    

    Set objTempFile = objFSO.OpenTextFile(strTempFile, ForReading)

    strOutput = objTempFile.ReadAll

    objTempFile.Close

    objFSO.DeleteFile strTempFile, True
 

    If InStr(strOutput, "bytes=32") > 0 Then

        PingCheck = True

    Else

        PingCheck = False

    End If

End Function

Open in new window

0
 

Author Comment

by:jskfan
ID: 24387878
where does the script puts the output?
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 24388952
As written it creates a list of computers in the strList variable and echoes it on lines 45-46.
0
 

Author Comment

by:jskfan
ID: 24389934
any way to put the output to a text file?
Thanks a lot!
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 38

Accepted Solution

by:
Shift-3 earned 450 total points
ID: 24398019
So revised.

Customize the value of the strReport variable on line 5 with the location of the output file.


Const ADS_SCOPE_SUBTREE = 2

Const ForWriting = 2
 

strContainer = "ou=workstations,dc=yourdomain,dc=local"

strReport = "report.txt"
 

strUser = InputBox("Enter the user, in the format DOMAIN\USERNAME", "Process Query")
 

On Error Resume Next
 

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objReport = objFSO.OpenTextFile(strReport, ForWriting, True)
 

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"
 

Set objCommand.ActiveConnection = objConnection

objCommand.CommandText = _

    "Select Name From 'LDAP://" & strContainer & "' Where objectCategory='computer'"  

objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
 

Do Until objRecordSet.EOF

    blnFound = False

    strComputer = objRecordSet.Fields("Name").Value
 

    If PingCheck(strComputer, 1, 0) Then

        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

        Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")
 

        For Each objProcess in colProcessList

            objProcess.GetOwner strProcUser, strProcDomain

            If LCase(strProcDomain & "\" & strProcUser) = LCase(strUser) Then

                blnFound = True

            End If

        Next

        

        If blnFound Then

            objReport.WriteLine strComputer

        End If

    End If

    

    objRecordSet.MoveNext

Loop
 

objReport.Close
 

Function PingCheck(strTarget, strPings, intPause)

    Const ForReading = 1

    

    Set objShell = CreateObject("WScript.Shell")

    strTempDir = objShell.ExpandEnvironmentStrings("%temp%")
 

    strTempFile = strTempDir & "\script-" & strTarget & ".txt"
 

    Set objFSO = CreateObject("Scripting.FileSystemObject")

    

    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _

        strTarget & ">" & strTempFile, 0, True

        

    WScript.Sleep intPause

    

    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _

        strTarget & ">>" & strTempFile, 0, True

    

    Set objTempFile = objFSO.OpenTextFile(strTempFile, ForReading)

    strOutput = objTempFile.ReadAll

    objTempFile.Close

    objFSO.DeleteFile strTempFile, True
 

    If InStr(strOutput, "bytes=32") > 0 Then

        PingCheck = True

    Else

        PingCheck = False

    End If

End Function

Open in new window

0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 50 total points
ID: 24422847
It's easier to just run the command :
psloggedon <username>
 
http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx
0
 

Author Comment

by:jskfan
ID: 24424313
dstewartjr:It's easier to just run the command :

psloggedon <username>



Tha's what I did..
0
 

Author Comment

by:jskfan
ID: 24424323
Shift-3 worked hard on the script though... he needs to be rewarded for his efforts
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Recently I finished a vbscript that I thought I'd share.  It uses a text file with a list of server names to loop through and get various status reports, then writes them all into an Excel file.  Originally it was put together for our Altiris server…
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now