
Powershell Script User to Identify a User's Active RDP Sessions

Posted on 2011-04-19
Last Modified: 2012-05-11
Hello,

I am attempting to write an interactive Powershell script that accepts a username and traverses Active Directory for that user's active RDP sessions across all Windows 2003/2008 servers in the domain.  Is this possible?  Thanks.  
Question by:Techop09
9 Comments
 
LVL 12

Accepted Solution

by:
rlandquist earned 1000 total points
ID: 35426985
How many servers are you looking to query?
 
LVL 12

Expert Comment

by:rlandquist
ID: 35427415
I have a solution for you.

First you need to go to: http://archive.msdn.microsoft.com/PSTerminalServices/Release/ProjectReleases.aspx?ReleaseId=5479

and download and run PSTerminalServices_1.1.msi

Then start PowerShell
Run this command to Import the new module.
Import-Module PSTerminalServices

You will need to import the module each time you start PowerShell, unless you add it to your profile.  (That is a different topic)

Now you can run the script.

Save this script with a .ps1 extension

To run the script in PowerShell (in case you don't already know) the syntax is:
&"C:\Directory\YourScript.ps1"

This script will prompt you for a username.  It will search using wildcards, so you can use a partial name if you want.

Then it finds all of the Terminal Servers in your domain and queries each one to see if there is an Active session with a matching username.

Let me know how it works for you and if you have any questions!
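# Suppress errors from servers that do not respond; failures will not be shown
$ErrorActionPreference = "SilentlyContinue"

# Prompt until a non-empty username is entered
do
{ $username = $(Read-Host -Prompt "Enter the username") }
until ( $username.Length -gt 0 )

# Enumerate the Terminal Servers in the domain (PSTerminalServices module)
$tsservers = Get-TSServers

foreach ($server in $tsservers)
{
    #Write-Host $server.servername

    # Active sessions whose username contains the entered text
    Get-TSSession -ComputerName $server.ServerName -Filter { $_.ConnectionState -eq 'Active' -and $_.Username -like '*' + $username + '*' }
}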

 
LVL 13

Assisted Solution

by:soostibi
soostibi earned 1000 total points
ID: 35427966
Here is a WMI solution:
$user = "domain\username"
$servers = get-content c:\serverlist.txt

$servers | %{
    $comp = $_
    Get-WmiObject -Class win32_logonsession -Filter "Logontype=10" -ComputerName $comp |
    %{ 
        $wo = $_
        get-wmiobject -ComputerName $comp -Query `
            "Associators of {Win32_logonSession.LogonID=$($wo.LogonId)} where AssocClass = Win32_LoggedOnUser Role=Dependent" | 
            ?{$_.caption -eq $user} |
        Add-Member -MemberType noteproperty -Name Authentication -Value $_.AuthenticationPackage -PassThru |
        Add-Member -MemberType noteproperty -Name LogonType -Value $_.Logontype -PassThru |
        Add-Member -MemberType noteproperty -Name StartTime -Value ($_.converttodatetime($_.StartTime)) -PassThru  |  
        Add-Member -MemberType noteproperty -Name ServerName -Value $_.__Server -PassThru
    } 
} | Select-Object servername, caption, logontype, authentication, starttime


Author Comment

by:Techop09
ID: 35433181
Thanks for the quick responses.  To RLANDQUIST, your solution seems close to what I'm looking for, however, the Terminal Services Module seems to only give you servers with Terminal Services installed.  I'm looking for something that would give all active Remote Desktop sessions, regardless of whether the server has Terminal Services installed on it or not.  

To SOOSTIBI, when running your script I get the following error message.  

Get-WmiObject : Not found
At C:\Users\colonto.NYH\Desktop\RDP.ps1:9 char:22
+         get-wmiobject <<<<  -ComputerName $comp -Query `
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], Managemen
   tException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.C
   ommands.GetWmiObjectCommand

Thanks again for your help guys.
 
LVL 13

Expert Comment

by:soostibi
ID: 35433420
Have you customized the first two lines of my script?
Have you created the txt file with the servernames in it, one in each line?
 

Author Comment

by:Techop09
ID: 35433696
Yes, I did.  I tried entering FQDNs and just NetBIOS names, and still got the same error message.
 
LVL 13

Expert Comment

by:soostibi
ID: 35433805
Copying the code from the EE interface might cause the problem. Try this, I took out the 'backtick' character from line 9.
And you have to run it as Administrator.
$user = "iqjb\soost"  
$servers = "soostpc" #get-content c:\serverlist.txt  
  
$servers | %{  
    $comp = $_  
    Get-WmiObject -Class win32_logonsession -Filter "Logontype=10" -ComputerName $comp |  
    %{   
        $wo = $_  
        get-wmiobject -ComputerName $comp -Query "Associators of {Win32_logonSession.LogonID=$($wo.LogonId)} where AssocClass = Win32_LoggedOnUser Role=Dependent" |   
            ?{$_.caption -eq $user} |  
        Add-Member -MemberType noteproperty -Name Authentication -Value $_.AuthenticationPackage -PassThru |  
        Add-Member -MemberType noteproperty -Name LogonType -Value $_.Logontype -PassThru |  
        Add-Member -MemberType noteproperty -Name StartTime -Value ($_.converttodatetime($_.StartTime)) -PassThru  |    
        Add-Member -MemberType noteproperty -Name ServerName -Value $_.__Server -PassThru  
    }   
} | Select-Object servername, caption, logontype, authentication, starttime

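soostibi's WMI approach with per-server and per-session error handling, as an added example (not code from the thread): a failed query comes back as a row naming the server and LogonId instead of ending the run. The function name `Get-UserRdpLogonSession` and its parameters are hypothetical, and the account in the usage line is a placeholder.

```powershell
# Added example, not code from the thread. Function and parameter names are hypothetical.
# Requires Windows PowerShell (Get-WmiObject) and, per the thread, an elevated prompt.
function Get-UserRdpLogonSession {
    param(
        [Parameter(Mandatory = $true)][string]   $User,         # "DOMAIN\username"
        [Parameter(Mandatory = $true)][string[]] $ComputerName  # servers to query
    )
    foreach ($comp in $ComputerName) {
        # One result row per finding or failure, so nothing is silently dropped
        $row = { param($id, $account, $start, $status)
            [pscustomobject]@{ ServerName = $comp; LogonId = $id; Account = $account
                               StartTime = $start; Status = $status } }
        try {
            # LogonType 10 = RemoteInteractive (Remote Desktop logon)
            $sessions = @(Get-WmiObject -Class Win32_LogonSession -Filter 'LogonType=10' -ComputerName $comp -ErrorAction Stop)
        }
        catch {
            # Server unreachable or access denied: report it and move to the next server
            & $row $null $null $null "server query failed: $($_.Exception.Message)"
            continue
        }
        foreach ($s in $sessions) {
            # Same ASSOCIATORS query as the thread, built on one line (no backtick continuation)
            $query = "ASSOCIATORS OF {Win32_LogonSession.LogonId=$($s.LogonId)} WHERE AssocClass=Win32_LoggedOnUser Role=Dependent"
            try {
                $accounts = @(Get-WmiObject -ComputerName $comp -Query $query -ErrorAction Stop)
            }
            catch {
                # Record which session's account lookup failed, then keep going
                & $row $s.LogonId $null $null "account lookup failed: $($_.Exception.Message)"
                continue
            }
            foreach ($a in $accounts) {
                if ($a.Caption -eq $User) {   # -eq is case-insensitive for strings
                    & $row $s.LogonId $a.Caption ($s.ConvertToDateTime($s.StartTime)) 'found'
                }
            }
        }
    }
}

# Constructed usage: placeholder account, local machine as the only server
Get-UserRdpLogonSession -User 'EXAMPLE\jdoe' -ComputerName $env:COMPUTERNAME |
    Format-Table -AutoSize
```

Rows with a Status other than `found` show exactly which server or LogonId could not be queried.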
 

Author Comment

by:Techop09
ID: 35436513
Same result.  :(  
 
LVL 13

Expert Comment

by:soostibi
ID: 35436840
Strange, it works for me.
Could you copy the exact error message here?
Question has a verified solution.
