[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to identify what systems a use has logged into?

Posted on 2013-10-23
2
Medium Priority
?
224 Views
Last Modified: 2014-05-07
I have a list of user accounts and I am trying to find an easy but somewhat accurate way to determine what systems the list of users are logged into.  Looking for ideas and or possible scripts.
0
Comment
Question by:seaninman
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 1500 total points
ID: 39597612
Below is a Quest cmdlet PS Script to accomplish this. I have "#" out the areas with insstrucitons on what needs to be modified on your end.

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
$ErrorActionPreference = "SilentlyContinue"

# Retrieve Username to search for, error checks to make sure the username
# is not blank and that it exists in Active Directory

Function Get-Username {
$Global:Username = Read-Host "Enter username you want to search for"
if ($Username -eq $null){
	Write-Host "Username cannot be blank, please re-enter username!!!!!"
	Get-Username}
$UserCheck = Get-QADUser -SamAccountName $Username
if ($UserCheck -eq $null){
	Write-Host "Invalid username, please verify this is the logon id for the account"
	Get-Username}
}

get-username
# Change this line of code for different search criteria's
$computers = Get-QADComputer -SearchRoot "domain.com/OU to search" -OSName "*Windows*" -SizeLimit 0 | where {$_.accountisdisabled -eq $false}
foreach ($comp in $computers)
	{
	$Computer = $comp.Name
	$ping = new-object System.Net.NetworkInformation.Ping
  	$Reply = $null
  	$Reply = $ping.send($Computer)
  	if($Reply.status -like 'Success'){
		#Get explorer.exe processes
		$proc = gwmi win32_process -computer $Computer -Filter "Name = 'explorer.exe'"
		#Search collection of processes for username
		ForEach ($p in $proc) {
	    	$temp = ($p.GetOwner()).User
	  		if ($temp -eq $Username){
			write-host "$Username is logged on $Computer"
		}}}}

Open in new window


Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39598005
There is no direct way to check the same if auditing is enabled you can check the DC event log to track the same or use third party s/w.

You can run this script as a logon/logoff script using group policies: echo %username% ; %computername% ; %date% ; %time% >> \\Server\Share\list.csv
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question