Solved

How to identify what systems a use has logged into?

Posted on 2013-10-23
2
218 Views
Last Modified: 2014-05-07
I have a list of user accounts and I am trying to find an easy but somewhat accurate way to determine what systems the list of users are logged into.  Looking for ideas and or possible scripts.
0
Comment
Question by:seaninman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39597612
Below is a Quest cmdlet PS Script to accomplish this. I have "#" out the areas with insstrucitons on what needs to be modified on your end.

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
$ErrorActionPreference = "SilentlyContinue"

# Retrieve Username to search for, error checks to make sure the username
# is not blank and that it exists in Active Directory

Function Get-Username {
$Global:Username = Read-Host "Enter username you want to search for"
if ($Username -eq $null){
	Write-Host "Username cannot be blank, please re-enter username!!!!!"
	Get-Username}
$UserCheck = Get-QADUser -SamAccountName $Username
if ($UserCheck -eq $null){
	Write-Host "Invalid username, please verify this is the logon id for the account"
	Get-Username}
}

get-username
# Change this line of code for different search criteria's
$computers = Get-QADComputer -SearchRoot "domain.com/OU to search" -OSName "*Windows*" -SizeLimit 0 | where {$_.accountisdisabled -eq $false}
foreach ($comp in $computers)
	{
	$Computer = $comp.Name
	$ping = new-object System.Net.NetworkInformation.Ping
  	$Reply = $null
  	$Reply = $ping.send($Computer)
  	if($Reply.status -like 'Success'){
		#Get explorer.exe processes
		$proc = gwmi win32_process -computer $Computer -Filter "Name = 'explorer.exe'"
		#Search collection of processes for username
		ForEach ($p in $proc) {
	    	$temp = ($p.GetOwner()).User
	  		if ($temp -eq $Username){
			write-host "$Username is logged on $Computer"
		}}}}

Open in new window


Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39598005
There is no direct way to check the same if auditing is enabled you can check the DC event log to track the same or use third party s/w.

You can run this script as a logon/logoff script using group policies: echo %username% ; %computername% ; %date% ; %time% >> \\Server\Share\list.csv
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question