Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Reporting on user's log in/out times in Active Directory without using the event log
Posted on 2012-12-27
Hello everyone, a department manager I work with is asking for a way to report on selected users for when they log in/out of the network (Active Directory) and the only way I know of is in the event logs and depending on what domain controller they authenticate on it's then logged into that event log on that server. Does anyone know if Microsoft has a more efficent way to see this data or maybe a 3rd party product for this?
Thank you everyone.
Thank you everyone.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
3
- +1
9 Comments
Do you have a SQL server there? You could create a database on the server with a table called emp_logins with the columns
userid
login_off_datetime
login_or_logoff
Then run this script as part of the user's logon script
And this script as a user logoff script
To run a report just execute the query in SQL Query Analyzer
Make sure you update the values in the script for
YOURSQLSERVER
someuser
somepassword
somedatabase
userid
login_off_datetime
login_or_logoff
Then run this script as part of the user's logon script
Set wshNetwork = CreateObject("WScript.Network")
Dim OdbcDSN, connect, sql, resultSet, strUsername
strUsername = wshNetwork.UserName
OdbcDSN = "Driver=SQL Server;Server=YOURSQLSERVER;UID=someuser;PWD=somepassword;Database=somedatabase"
Set connect = CreateObject("ADODB.Connection")
connect.Open OdbcDSN
sql="insert into emp_logins (userid,login_off_datetime,login_or_logoff) values ('" & strUsername & "',getdate(),'I')"
Set resultSet = connect.Execute(sql)
And this script as a user logoff script
Set wshNetwork = CreateObject("WScript.Network")
Dim OdbcDSN, connect, sql, resultSet, strUsername
strUsername = wshNetwork.UserName
OdbcDSN = "Driver=SQL Server;Server=YOURSQLSERVER;UID=someuser;PWD=somepassword;Database=somedatabase"
Set connect = CreateObject("ADODB.Connection")
connect.Open OdbcDSN
sql="insert into emp_logins (userid,login_off_datetime,login_or_logoff) values ('" & strUsername & "',getdate(),'O')"
Set resultSet = connect.Execute(sql)
To run a report just execute the query in SQL Query Analyzer
SELECT * FROM emp_logins WHERE userid = 'SomeUserName'
Make sure you update the values in the script for
YOURSQLSERVER
someuser
somepassword
somedatabase
You could create a simple logon/logoff script, example below
http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx
event logs like you said can track it but consolidating and searching them can be a pain depending on how many DCs you have.
Thanks
Mike
http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx
event logs like you said can track it but consolidating and searching them can be a pain depending on how many DCs you have.
Thanks
Mike
Thank you so much! I'm going to try this out now, I've never used a logoff script but will figure that out in AD. I'll come back soon and accept the solution! ;)
Thank you "mcsween"! I have a .vbs script I use for mapping sharepoint to a network drive and will test your solution out. J
You can do logon and logoff scripts from Group Policy.
User Configuration, Windows Settings, Scripts (Logon/Logoff)
User Configuration, Windows Settings, Scripts (Logon/Logoff)
You have two ways to do this without event log.
First, you can use this link to audit the login/logout activity of the users.
http://help.isdecisions.com/winreporter/english/Reference/EventLogReports/LogonLogoff_Activity.htm
Moreover, in case you dont want to use the logs then you can use third party tool for AD auditing but these tools are not free.
First, you can use this link to audit the login/logout activity of the users.
http://help.isdecisions.com/winreporter/english/Reference/EventLogReports/LogonLogoff_Activity.htm
Moreover, in case you dont want to use the logs then you can use third party tool for AD auditing but these tools are not free.
Featured Post
Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restoreâ„¢. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
Attackers love to prey on accounts that have privileges.
Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 5 hours left to enroll
627 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.