Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 67
  • Last Modified:

need to generate login our for a user - Active Directory

need a report csv
0
Jorge Ocampo
Asked:
Jorge Ocampo
  • 4
  • 4
  • 2
  • +2
1 Solution
 
Barry MolenwijkCommented:
Could you please specify your exact needs as in input and output?
0
 
footechCommented:
@Jorge - I've seen a number of questions that you've started here, and I've got some advice/a request for you.
PLEASE include more details in your questions.  If you don't put any effort into your question, you're likely to get the same amount of effort (i.e. none) in any replies.  Do whatever you can so that the first reply isn't a request for more information.
0
 
Jorge OcampoAuthor Commented:
i need to know when he logged in and logged off as much information as possible about the login times for this user
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Asif BacchusCommented:
I'm assuming you'd like a log of when a user logs in and out and from what machine, etc.?  I do this for every company I consult for and it save me tons of time down the road.  This is the exact setup I use... it's quite a few steps but really simple:

First, setup a hidden share on your server, I call my MONITORING$.  You do this like any other share, except you put the $ symbol after the name to tell Windows it's hidden by default.

Now create a file called Login.cmd, open notepad and type the following then save the file:
@echo off
echo Login from: %COMPUTERNAME%, Username: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\SERVER_NAME\Monitoring$\%USERNAME%.csv

Open in new window

This will write a line to a text file that states the computer, user's name, date and time of the login.  REMEMBER TO CHANGE SERVER_NAME TO MATCH YOUR SERVER!  Also, change the path to the hidden share you created as necessary.

Now create a file called Logoff.cmd, open notepad and type the following then save the file:
@echo off
echo Logoff from: %COMPUTERNAME%, Username: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\SERVER_NAME\Monitoring$\%USERNAME%.csv

Open in new window

This is virtually the same file, except the text is changed to read Logoff.  Again, remember to change SERVER_NAME and the path to your share as needed.

Now, create a new GPO (I call my Monitoring) and navigate to User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff).  

Open the Logon option and click the Show Files... button.  This will open an Explorer window.  Copy your Logon.cmd file to this location and close Explorer.  Back on the Logon Properties window, click Add... and Browse, select your Logon.cmd file and click Open.  There are no parameters needed, so leave it blank, and click OK.  Click OK again.

Repeat this process for the Logoff option but this time copy your Logoff.cmd file and select it.

Now apply this GPO to any relevant USERS/USER OUs you'd like to monitor and you'll have your logfiles start appearing in your hidden share.

HTH.
0
 
Mike KlineCommented:
You need to enable logging on your domain and then search the event logs.  Good overview here

http://www.morgantechspace.com/2013/10/enable-active-directory-logonlogoff.html

There are third party tools that make this easier as going through logs on  multiple DCs in a large environment can be a pain.    You can also use PowerShell to scan for events get-winevent

Thanks

Mike
0
 
Asif BacchusCommented:
Agree with Mike that auditing is the way to go, but since you asked specifically for a CSV option that's why I posted my suggestion above.  If you have the budget, then Mike is also correct that 3rd party options provide much 'nicer' output options for your logs.

Cheers.
0
 
Jorge OcampoAuthor Commented:
dont need nothing fancy just a simple output "Username last logged in times 10AM 11/1/14, 9AM 11/2/14 etc
0
 
Jorge OcampoAuthor Commented:
@asif great stuff by the way but right now i just need to find out time stamps for a user that left.
0
 
Barry MolenwijkCommented:
If it's not being audited or logged elsewhere right now Jorge, there's no way of getting that information.
0
 
Jorge OcampoAuthor Commented:
well AD audit is on by default so i would just need a way to retrieve the information
0
 
Asif BacchusCommented:
I think you'd be stuck searching through the audit logs to find that information then.  You can filter for Event IDs 528 for a successful logon and 538 for a successful logoff.  Please see http://technet.microsoft.com/en-ca/library/cc787567(v=ws.10).aspx for all Event IDs including failure.

HTH.
0
 
Asif BacchusCommented:
Glad you got everything sorted out!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 4
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now