[SOLUTION] Reporting on user's log in/out times in Active Directory without using the event log

Hello everyone, a department manager I work with is asking for a way to report on selected users for when they log in/out of the network (Active Directory) and the only way I know of is in the event logs and depending on what domain controller they authenticate on it's then logged into that event log on that server. Does anyone know if Microsoft has a more efficent way to see this data or maybe a 3rd party product for this?

Thank you everyone.

Do you have a SQL server there? You could create a database on the server with a table called emp_logins with the columns
userid
login_off_datetime
login_or_logoff

Then run this script as part of the user's logon script

Set wshNetwork = CreateObject("WScript.Network")
Dim OdbcDSN, connect, sql, resultSet, strUsername

strUsername = wshNetwork.UserName
OdbcDSN = "Driver=SQL Server;Server=YOURSQLSERVER;UID=someuser;PWD=somepassword;Database=somedatabase"
Set connect = CreateObject("ADODB.Connection")
connect.Open OdbcDSN

sql="insert into emp_logins (userid,login_off_datetime,login_or_logoff) values ('" & strUsername & "',getdate(),'I')"

Set resultSet = connect.Execute(sql)

Open in new window

And this script as a user logoff script

Set wshNetwork = CreateObject("WScript.Network")
Dim OdbcDSN, connect, sql, resultSet, strUsername

strUsername = wshNetwork.UserName
OdbcDSN = "Driver=SQL Server;Server=YOURSQLSERVER;UID=someuser;PWD=somepassword;Database=somedatabase"
Set connect = CreateObject("ADODB.Connection")
connect.Open OdbcDSN

sql="insert into emp_logins (userid,login_off_datetime,login_or_logoff) values ('" & strUsername & "',getdate(),'O')"

Set resultSet = connect.Execute(sql)

Open in new window

To run a report just execute the query in SQL Query Analyzer

SELECT * FROM emp_logins WHERE userid = 'SomeUserName'

Open in new window

Make sure you update the values in the script for
YOURSQLSERVER
someuser
somepassword
somedatabase

You could create a simple logon/logoff script, example below

http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx

event logs like you said can track it but consolidating and searching them can be a pain depending on how many DCs you have.

Thanks

Mike

I forgot to mention in case it's not obvious; my code is in vbscript (.vbs).

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Thank you so much! I'm going to try this out now, I've never used a logoff script but will figure that out in AD. I'll come back soon and accept the solution! ;)

Thank you "mcsween"! I have a .vbs script I use for mapping sharepoint to a network drive and will test your solution out. J

You can do logon and logoff scripts from Group Policy.

User Configuration, Windows Settings, Scripts (Logon/Logoff)

You have two ways to do this without event log.

First, you can use this link to audit the login/logout activity of the users.

http://help.isdecisions.com/winreporter/english/Reference/EventLogReports/LogonLogoff_Activity.htm

Moreover, in case you dont want to use the logs then you can use third party tool for AD auditing but these tools are not free.

FANTASTIC, thank you so much and sorry for getting back to you so late. I just recently implemented.

Reporting on user's log in/out times in Active Directory without using the event log

Who is Participating?

Already a member? Login.