Solved

dhcp

Posted on 2011-03-12
11
435 Views
Last Modified: 2012-08-13
management at my company wants me to see what websites people are going to. im using squid with sarg and webmin. the reports in webmin show the sites and the ip addresses that people visit. since i have the ip address - could i match the ip address to a user's login? I have a windows 2003 domain. my domain controller is the dhcp server - and another domain controller takes care of users and computers
0
Comment
Question by:JeffBeall
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 35117994
You can use the DHCP server to determine what PC a user was logged on to, then filter the Active Directory secutiry event logs to see who was logged on to a PC at a particular time.  This will help you correlate info with the web access logs.
0
 
LVL 1

Expert Comment

by:janvanderwijk
ID: 35117998
netstat -a <ipaddress> could give you the username
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35118096
the dhcp control panel shows only the computer names, which wouldn't help me because the computer names are randomly generated. i tried netstat -a <ipaddress> but it's just showing a bunch of ports that ( i think ) the server is listening on.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 45

Expert Comment

by:Craig Beck
ID: 35118142
Sorry, I typo'd my response!  What I meant was...

You can use the DHCP server to determine what IP address was assigned to which PC, then filter the Active Directory secutiry event logs to see who was logged on each PC at a particular time.  This will help you correlate info with the web access logs.

I thnk NBTSTAT will show you who is logged on to a PC, not NETSTAT.
0
 
LVL 1

Assisted Solution

by:janvanderwijk
janvanderwijk earned 166 total points
ID: 35118179
@craigbeck, Yep, typo it is... My bad.... nbtstat -s <ipaddress> should do the trick for a single ipaddress.
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35118227
i tried the nbtstat -a <ipaddress> and nbtstat -s <ipaddress> ; -s didn't seem to work, but nbtstat -a <ipaddress> seemed to work - but i didn't get the login name - it looks like it still is getting the computer name which wouldnt help me.
i went to the security log of the server that has DHCP but i couldn't find the users name i was looking for - i found my login name but it didn't show the ip address of the computer i was on.
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 35119517
Hi,

To locate the logged on user, a free little command line utility called PSLoggedOn works well:
http://www.sysinternals.com/Utilities/PsLoggedOn.html

Regards,
Prem
0
 
LVL 17

Accepted Solution

by:
Premkumar Yogeswaran earned 167 total points
ID: 35119520
error on above posted link..

check this link to download

http://technet.microsoft.com/en-us/sysinternals/bb897545

Regards,
PRem
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 167 total points
ID: 35120955
I found my login name but it didn't show the ip address of the computer i was on.

The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log, then check the DHCP server for the computer name.  This will show you the corresponding MAC address and IP address (which is what you get in your web logs).
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35121618
"The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log,"

craigbeck - are you saying from the security logges on the server that is running dhcp? or from the domain controller? - i thought it would make more sence if it is on the server running dhcp.
also - i looked in the security logs on the server running dhcp - but i didn't know where to look - for instance - do you filter by a certain criteria?
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 35124578
i found psinfo in the suite of things that are in  psloggedon. i added something in the users login script that uses psinfo, then i find their ip address on the dhcp server. thanks for the help.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Regarding Ad Connect Users Access 5 28
Existing Office 365 implement on-premise AD 4 34
powershell question need assistance 10 26
Additional DC vs Child Domain 12 16
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now