Solved

How to identify what systems a use has logged into?

Posted on 2013-10-23
2
211 Views
Last Modified: 2014-05-07
I have a list of user accounts and I am trying to find an easy but somewhat accurate way to determine what systems the list of users are logged into.  Looking for ideas and or possible scripts.
0
Comment
Question by:seaninman
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
Comment Utility
Below is a Quest cmdlet PS Script to accomplish this. I have "#" out the areas with insstrucitons on what needs to be modified on your end.

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
$ErrorActionPreference = "SilentlyContinue"

# Retrieve Username to search for, error checks to make sure the username
# is not blank and that it exists in Active Directory

Function Get-Username {
$Global:Username = Read-Host "Enter username you want to search for"
if ($Username -eq $null){
	Write-Host "Username cannot be blank, please re-enter username!!!!!"
	Get-Username}
$UserCheck = Get-QADUser -SamAccountName $Username
if ($UserCheck -eq $null){
	Write-Host "Invalid username, please verify this is the logon id for the account"
	Get-Username}
}

get-username
# Change this line of code for different search criteria's
$computers = Get-QADComputer -SearchRoot "domain.com/OU to search" -OSName "*Windows*" -SizeLimit 0 | where {$_.accountisdisabled -eq $false}
foreach ($comp in $computers)
	{
	$Computer = $comp.Name
	$ping = new-object System.Net.NetworkInformation.Ping
  	$Reply = $null
  	$Reply = $ping.send($Computer)
  	if($Reply.status -like 'Success'){
		#Get explorer.exe processes
		$proc = gwmi win32_process -computer $Computer -Filter "Name = 'explorer.exe'"
		#Search collection of processes for username
		ForEach ($p in $proc) {
	    	$temp = ($p.GetOwner()).User
	  		if ($temp -eq $Username){
			write-host "$Username is logged on $Computer"
		}}}}

Open in new window


Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
Comment Utility
There is no direct way to check the same if auditing is enabled you can check the DC event log to track the same or use third party s/w.

You can run this script as a logon/logoff script using group policies: echo %username% ; %computername% ; %date% ; %time% >> \\Server\Share\list.csv
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now