Solved

need to generate login our for a user - Active Directory

Posted on 2014-11-25
Last Modified: 2014-12-01
need a report csv
Question by:Jorge Ocampo
 
LVL 3

Expert Comment

by:Barry Molenwijk
ID: 40465117
Could you please specify your exact needs as in input and output?
0
 
LVL 40

Expert Comment

by:footech
ID: 40465124
@Jorge - I've seen a number of questions that you've started here, and I've got some advice/a request for you.
PLEASE include more details in your questions.  If you don't put any effort into your question, you're likely to get the same amount of effort (i.e. none) in any replies.  Do whatever you can so that the first reply isn't a request for more information.
0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40465135
I need to know when he logged in and logged off, as much information as possible about the login times for this user.
0
 
LVL 6

Accepted Solution

by:
Asif Bacchus earned 500 total points
ID: 40465302
I'm assuming you'd like a log of when a user logs in and out and from what machine, etc.?  I do this for every company I consult for and it saves me tons of time down the road.  This is the exact setup I use... it's quite a few steps but really simple:

First, set up a hidden share on your server; I call mine MONITORING$.  You do this like any other share, except you put the $ symbol after the name to tell Windows it's hidden by default.

Now create a file called Login.cmd, open notepad and type the following then save the file:
@echo off
echo Login from: %COMPUTERNAME%, Username: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\SERVER_NAME\Monitoring$\%USERNAME%.csv

This will write a line to a text file that states the computer, user's name, date and time of the login.  REMEMBER TO CHANGE SERVER_NAME TO MATCH YOUR SERVER!  Also, change the path to the hidden share you created as necessary.

Now create a file called Logoff.cmd, open notepad and type the following then save the file:
@echo off
echo Logoff from: %COMPUTERNAME%, Username: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\SERVER_NAME\Monitoring$\%USERNAME%.csv

This is virtually the same file, except the text is changed to read Logoff.  Again, remember to change SERVER_NAME and the path to your share as needed.

Now, create a new GPO (I call mine Monitoring) and navigate to User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff).

Open the Logon option and click the Show Files... button.  This will open an Explorer window.  Copy your Logon.cmd file to this location and close Explorer.  Back on the Logon Properties window, click Add... and Browse, select your Logon.cmd file and click Open.  There are no parameters needed, so leave it blank, and click OK.  Click OK again.

Repeat this process for the Logoff option but this time copy your Logoff.cmd file and select it.

Now apply this GPO to any relevant USERS/USER OUs you'd like to monitor and you'll have your logfiles start appearing in your hidden share.

HTH.
0
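An added example (not part of the accepted solution) that turns the lines appended by the Login.cmd and Logoff.cmd scripts above into objects with real columns, so they can be sorted, filtered or exported with Export-Csv. The sample lines are constructed, and `ConvertFrom-LogonLine`, `jdoe`, `PC-014` and `PC-022` are hypothetical names.

```powershell
# Constructed sample of what the two scripts append to %USERNAME%.csv.
# The layout of %DATE% and %TIME% depends on each client's regional settings,
# so both are kept as text rather than parsed into a DateTime.
$sample = @'
Login from: PC-014, Username: jdoe, Date: Tue 11/25/2014, Time:  8:58:03.41 
Logoff from: PC-014, Username: jdoe, Date: Tue 11/25/2014, Time: 17:02:44.10 
Login from: PC-022, Username: jdoe, Date: Wed 11/26/2014, Time:  9:05:19.77 
'@ -split "`r?`n"

function ConvertFrom-LogonLine {
    param([string[]]$Line)

    # Matches the fixed labels written by the echo commands in the scripts
    $pattern = '^(?<Action>Login|Logoff) from: (?<Computer>[^,]+), ' +
               'Username: (?<User>[^,]+), Date: (?<Date>.+?), Time: (?<Time>.+?)\s*$'

    foreach ($l in $Line) {
        if ($l -match $pattern) {
            [pscustomobject]@{
                Action   = $Matches.Action
                Computer = $Matches.Computer.Trim()
                User     = $Matches.User.Trim()
                Date     = $Matches.Date.Trim()
                Time     = $Matches.Time.Trim()
            }
        } elseif ($l.Trim()) {
            # Anything that does not fit the expected layout is reported, not dropped
            Write-Warning "Unparsed line: $l"
        }
    }
}

# For a real file: ConvertFrom-LogonLine (Get-Content \\SERVER_NAME\Monitoring$\jdoe.csv)
ConvertFrom-LogonLine $sample | Format-Table -AutoSize
```

The logon script runs with the user's own rights, so every monitored user needs write access to the share and can edit these files; treat the output as a convenience record and rely on the Security event log where the times have to be trusted.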
 
LVL 57

Expert Comment

by:Mike Kline
ID: 40465311
You need to enable logging on your domain and then search the event logs.  Good overview here:

http://www.morgantechspace.com/2013/10/enable-active-directory-logonlogoff.html

There are third-party tools that make this easier, as going through logs on multiple DCs in a large environment can be a pain.  You can also use PowerShell to scan for events (Get-WinEvent).

Thanks

Mike
0
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40465316
Agree with Mike that auditing is the way to go, but since you asked specifically for a CSV option that's why I posted my suggestion above.  If you have the budget, then Mike is also correct that 3rd party options provide much 'nicer' output options for your logs.

Cheers.
0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40465319
Don't need anything fancy, just a simple output: "Username last logged in times 10AM 11/1/14, 9AM 11/2/14", etc.
0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40465328
@asif great stuff by the way, but right now I just need to find out time stamps for a user that left.
0
 
LVL 3

Expert Comment

by:Barry Molenwijk
ID: 40465351
If it's not being audited or logged elsewhere right now Jorge, there's no way of getting that information.
0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40465436
Well, AD audit is on by default, so I would just need a way to retrieve the information.
0
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40468598
I think you'd be stuck searching through the audit logs to find that information then.  You can filter for Event IDs 528 for a successful logon and 538 for a successful logoff.  Please see http://technet.microsoft.com/en-ca/library/cc787567(v=ws.10).aspx for all Event IDs including failure.

HTH.
0
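An added example (not code from any poster in this thread) of the Get-WinEvent approach mentioned above, exporting one account's logon and logoff events from several hosts to a CSV file. It assumes hosts running Windows Server 2008 or later, where the events cited above as 528 and 538 are recorded as 4624 and 4634; `jdoe`, `DC01` and `DC02` are placeholder names.

```powershell
# Placeholders, not values from the thread: adjust to your environment.
$User    = 'jdoe'                  # sAMAccountName of the account to report on
$Servers = 'DC01', 'DC02'          # hosts whose Security logs are searched
$OutFile = ".\${User}-logons.csv"

# 4624 = successful logon, 4634 = logoff (Windows Server 2008 and later;
# the same events were numbered 528 and 538 on Windows Server 2003).
$xpath = "*[System[(EventID=4624 or EventID=4634)] and " +
         "EventData[Data[@Name='TargetUserName']='$User']]"

$rows = foreach ($server in $Servers) {
    try {
        $events = Get-WinEvent -ComputerName $server -LogName Security `
                               -FilterXPath $xpath -ErrorAction Stop
    } catch {
        # Raised when nothing matches, the host is unreachable or access is denied
        Write-Warning "${server}: $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        # Turn the event's named <Data> elements into a lookup table
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Action      = if ($e.Id -eq 4624) { 'Logon' } else { 'Logoff' }
            User        = $data['TargetUserName']
            Domain      = $data['TargetDomainName']
            LogonType   = $data['LogonType']
            LogonId     = $data['TargetLogonId']    # pairs a logoff with its logon
            SourceIP    = $data['IpAddress']        # present on 4624 only
            Workstation = $data['WorkstationName']  # present on 4624 only
            LoggedOn    = $server
        }
    }
}

$rows | Sort-Object Time | Export-Csv -Path $OutFile -NoTypeInformation
```

A domain controller's Security log records logons to that DC itself (typically LogonType 3), while an interactive session (LogonType 2) is recorded on the workstation where it took place, so add that workstation to `$Servers` when desk logon times are needed. The log only reaches back as far as its retention settings allow.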
 
LVL 6

Expert Comment

by:Asif Bacchus
ID: 40475325
Glad you got everything sorted out!
0
