need to generate login our for a user - Active Directory

need a report csv
LVL 2
Jorge OcampoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Barry MolenwijkTechnical Support Specialist IICommented:
Could you please specify your exact needs as in input and output?
0
footechCommented:
@Jorge - I've seen a number of questions that you've started here, and I've got some advice/a request for you.
PLEASE include more details in your questions.  If you don't put any effort into your question, you're likely to get the same amount of effort (i.e. none) in any replies.  Do whatever you can so that the first reply isn't a request for more information.
0
Jorge OcampoAuthor Commented:
i need to know when he logged in and logged off as much information as possible about the login times for this user
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Asif BacchusI.T. ConsultantCommented:
I'm assuming you'd like a log of when a user logs in and out and from what machine, etc.?  I do this for every company I consult for and it save me tons of time down the road.  This is the exact setup I use... it's quite a few steps but really simple:

First, setup a hidden share on your server, I call my MONITORING$.  You do this like any other share, except you put the $ symbol after the name to tell Windows it's hidden by default.

Now create a file called Login.cmd, open notepad and type the following then save the file:
@echo off
echo Login from: %COMPUTERNAME%, Username: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\SERVER_NAME\Monitoring$\%USERNAME%.csv

Open in new window

This will write a line to a text file that states the computer, user's name, date and time of the login.  REMEMBER TO CHANGE SERVER_NAME TO MATCH YOUR SERVER!  Also, change the path to the hidden share you created as necessary.

Now create a file called Logoff.cmd, open notepad and type the following then save the file:
@echo off
echo Logoff from: %COMPUTERNAME%, Username: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\SERVER_NAME\Monitoring$\%USERNAME%.csv

Open in new window

This is virtually the same file, except the text is changed to read Logoff.  Again, remember to change SERVER_NAME and the path to your share as needed.

Now, create a new GPO (I call my Monitoring) and navigate to User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff).  

Open the Logon option and click the Show Files... button.  This will open an Explorer window.  Copy your Logon.cmd file to this location and close Explorer.  Back on the Logon Properties window, click Add... and Browse, select your Logon.cmd file and click Open.  There are no parameters needed, so leave it blank, and click OK.  Click OK again.

Repeat this process for the Logoff option but this time copy your Logoff.cmd file and select it.

Now apply this GPO to any relevant USERS/USER OUs you'd like to monitor and you'll have your logfiles start appearing in your hidden share.

HTH.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mike KlineCommented:
You need to enable logging on your domain and then search the event logs.  Good overview here

http://www.morgantechspace.com/2013/10/enable-active-directory-logonlogoff.html

There are third party tools that make this easier as going through logs on  multiple DCs in a large environment can be a pain.    You can also use PowerShell to scan for events get-winevent

Thanks

Mike
0
Asif BacchusI.T. ConsultantCommented:
Agree with Mike that auditing is the way to go, but since you asked specifically for a CSV option that's why I posted my suggestion above.  If you have the budget, then Mike is also correct that 3rd party options provide much 'nicer' output options for your logs.

Cheers.
0
Jorge OcampoAuthor Commented:
dont need nothing fancy just a simple output "Username last logged in times 10AM 11/1/14, 9AM 11/2/14 etc
0
Jorge OcampoAuthor Commented:
@asif great stuff by the way but right now i just need to find out time stamps for a user that left.
0
Barry MolenwijkTechnical Support Specialist IICommented:
If it's not being audited or logged elsewhere right now Jorge, there's no way of getting that information.
0
Jorge OcampoAuthor Commented:
well AD audit is on by default so i would just need a way to retrieve the information
0
Asif BacchusI.T. ConsultantCommented:
I think you'd be stuck searching through the audit logs to find that information then.  You can filter for Event IDs 528 for a successful logon and 538 for a successful logoff.  Please see http://technet.microsoft.com/en-ca/library/cc787567(v=ws.10).aspx for all Event IDs including failure.

HTH.
0
Asif BacchusI.T. ConsultantCommented:
Glad you got everything sorted out!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.