Solved

How to list on which server domain administrator account is currently logged on ?

Posted on 2014-12-16
12
98 Views
Last Modified: 2014-12-28
Hi All,

From the list of server name in .TXT file or specific OU, how can I verify of produce the list of where the domain\administrator account is currently used or logged on ?

Any help would be greatly appreciated.

THanks
0
Comment
  • 5
  • 4
  • 3
12 Comments
 
LVL 39

Assisted Solution

by:footech
footech earned 334 total points
ID: 40502351
Check out this previous asked question for some samples.
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28233927.html

There are also some scripts on the MS Technet Script Repository for this.

There's a variety of ways to start to gather the information, from WMI to command line utilities like quser, qwinsta, SysInternals' PsLoggedOn, etc..  You may need to try out a few to see what works for you and your environment.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40502367
Thanks man, which one that you recommends working ?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40502828
What do you mean by "used"? Logged on is understood, but used?
And what is this info needed for?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 39

Expert Comment

by:footech
ID: 40503504
Try all of them and see which you like better.  They both work (assuming permissions, etc. are in place).
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40503604
@McKnife: yes, used means logged on, so in thiscase the script can see where the domain\administrator account is currently used.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40503769
The tools have been mentioned. But what would you need that info for, if I may ask - why would you like to know "where the domain admin is logged in"?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40503775
because I want to know where the DOMAIN\Administrator is being used on which servers by my team.
0
 
LVL 39

Accepted Solution

by:
footech earned 334 total points
ID: 40503793
Please don't post in the other question - it has been closed for some time.  I'd even suggest it's best to delete that comment.

However, I'm sorry, I didn't remember that there were any issues with that code from the other user.  I made a correction to it but I'm finding that it really doesn't give the information you want.

Here's the code I posted in the other thread with some slight modifications.  Just tested again and it's working.
*Side note - I typically don't post such a complete script (in fact, I've stripped a number of things out from the script I use/wrote at work), but since I'd already posted it I made an exception here.
$computers = Get-Content "ComputerList.txt"
$user = "administrator"

# Provide complete path to SysInternals' PsLoggedOn.exe utility
$UtilPath = ".\PsLoggedOn.exe"

$results = @()
$i = 0
[bool]$regStart = $false
[bool]$regDisabled = $false
foreach ($computer in $computers)
{
    $i++
    Write-Progress -activity "Progress Indicator" -status "Checking Remote Registy Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
    # Check if the Remote Registry service is stopped.  If so, we need to start it (PSLoggedOn.exe needs it to be running).
    $regSvcStatus = Get-WmiObject Win32_Service -computername $computer -filter "name = 'RemoteRegistry'" -Property State,StartMode -ErrorAction SilentlyContinue
    If ($regSvcStatus.State -eq "Stopped")
    {
        If ($regSvcStatus.StartMode -eq "Manual")
        {
            & sc.exe \\$computer start RemoteRegistry | Out-Null
            [bool]$regStart = $true
            #Start-Sleep -Seconds 2
        }
        ElseIf ($regSvcStatus.StartMode -eq "Disabled")
        {
            & sc.exe \\$computer config RemoteRegistry start= demand | Out-Null
            & sc.exe \\$computer start RemoteRegistry | Out-Null
            [bool]$regStart = $true
            [bool]$regDisabled = $true
            #Start-Sleep -Seconds 1
        }
    }
    ElseIf ( !($regSvcStatus) )
    {
        Write-Output "Couldn't contact WMI service on $computer"
        continue
    }
        
    Write-Progress -activity "Progress Indicator" -status "Querying Logged On Users" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        
    # Make the query and parse the text output
    $results += Invoke-Expression "$UtilPath -x -l \\$computer 2>&1" |
        Where-Object {$_ -match '^\s{2,}((?<domain>\w+)\\(?<user>\S+))|(?<user>\S+)'} |
        Where {$matches.user -eq $user} |
        ForEach `
        {
            Write-Output "$($matches.user) is logged on to $computer"
        }
    # If we start the Remote Registry service earlier, return it to the stopped state.
    If ($regStart -eq $true)
    {
        Write-Progress -activity "Progress Indicator" -status "Resetting Remote Registry Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        & sc.exe \\$computer stop RemoteRegistry | Out-Null
        [bool]$regStart = $false
    }
    If ($regDisabled -eq $true)
    {
        Write-Progress -activity "Progress Indicator" -status "Disabling Remote Registry Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        & sc.exe \\$computer config RemoteRegistry start= disabled | Out-Null
        [bool]$regDisabled = $false
    }
}
$results

Open in new window

0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 40503815
Ok, to me it is still unclear why - you only repeat that you want to know, but not why. I hoped to be in a better position to help you if I knew why you need this info. Anyway, have a look at this freeware: http://www.cjwdev.com/Software/ServiceCredMan/Info.html
-> Easily track down all of the Windows services and scheduled tasks using a specific account
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40503821
@McKnife: because my security team wants to split the password for the administrator and then rename the account, so in this case i need to know where it is currently logged on and then I need to log them off if it is still logged on.

@footech: thanks mate, I'll try that script and let you know soon.
0
 
LVL 39

Expert Comment

by:footech
ID: 40503835
@McKnife - I hadn't come across that utility before.  I think I'll have to check it out the next time I'm changing service account credentials.  I've seen some of his tools before, but never used them.
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 40521373
Thanks guys !
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question