Solved

How to list on which server the domain administrator account is currently logged on?

Posted on 2014-12-16
Last Modified: 2014-12-28
Hi All,

From the list of server names in a .TXT file or a specific OU, how can I verify or produce the list of where the domain\administrator account is currently used or logged on?

Any help would be greatly appreciated.

Thanks
12 Comments
 
LVL 41

Assisted Solution

by:footech
footech earned 1336 total points
ID: 40502351
Check out this previously asked question for some samples.
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28233927.html

There are also some scripts on the MS Technet Script Repository for this.

There's a variety of ways to start to gather the information, from WMI to command line utilities like quser, qwinsta, SysInternals' PsLoggedOn, etc.  You may need to try out a few to see what works for you and your environment.
0
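
The quser route mentioned above, as an added example (not code from any poster in this thread): it turns quser's text output into objects and filters on the user name. The function names, the sample output and the server name SRV01 are constructed for illustration, and the parsing assumes quser's English column layout.

```powershell
# Added example, not from the thread. Names and sample data are constructed.
function ConvertFrom-QUser {
    param([string[]]$Lines, [string]$Computer)
    foreach ($line in ($Lines | Select-Object -Skip 1)) {       # skip the header row
        if ($line -notmatch '\S') { continue }
        # Strip the leading space or '>' (marks the caller's own session),
        # then split the columns on runs of two or more spaces.
        $f = @(($line -replace '^[ >]+', '').TrimEnd() -split '\s{2,}')
        # A disconnected session has an empty SESSIONNAME column: 5 fields, not 6.
        if ($f.Count -eq 5) { $f = @($f[0], '') + $f[1..4] }
        if ($f.Count -ne 6) { continue }                        # not a session row
        [pscustomobject]@{
            Computer    = $Computer
            UserName    = $f[0]     # quser prints no domain part
            SessionName = $f[1]
            Id          = [int]$f[2]
            State       = $f[3]
            IdleTime    = $f[4]
            LogonTime   = $f[5]
        }
    }
}

function Get-UserSession {
    param([string[]]$ComputerName, [string]$UserName)
    foreach ($c in $ComputerName) {
        $out = & quser.exe "/server:$c" 2>$null
        if (-not $out) {
            Write-Warning "No sessions returned from $c (unreachable, access denied, or nobody logged on)"
            continue
        }
        ConvertFrom-QUser -Lines $out -Computer $c | Where-Object { $_.UserName -eq $UserName }
    }
}

# Constructed sample of quser output, so the parser can be checked offline.
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME'
    ' administrator         rdp-tcp#12          2  Active          .  12/16/2014 9:02 AM'
    ' jsmith                                    3  Disc      1+02:15  12/15/2014 4:40 PM'
    ' administrator                             5  Disc        22:41  12/14/2014 11:15 PM'
)
ConvertFrom-QUser -Lines $sample -Computer 'SRV01' |
    Where-Object { $_.UserName -eq 'administrator' } |
    Format-Table Computer, UserName, Id, State, LogonTime -AutoSize

# Live run against the list used in the thread:
# Get-UserSession -ComputerName (Get-Content 'ComputerList.txt') -UserName 'administrator'
```

quser reports interactive and Remote Desktop sessions only, so services and scheduled tasks running under the account will not appear, and because it prints no domain a local Administrator session looks the same as DOMAIN\Administrator.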
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40502367
Thanks man, which one do you recommend as working?
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40502828
What do you mean by "used"? Logged on is understood, but used?
And what is this info needed for?
0
 
LVL 41

Expert Comment

by:footech
ID: 40503504
Try all of them and see which you like better.  They both work (assuming permissions, etc. are in place).
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40503604
@McKnife: yes, used means logged on, so in this case the script can see where the domain\administrator account is currently used.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40503769
The tools have been mentioned. But what would you need that info for, if I may ask - why would you like to know "where the domain admin is logged in"?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40503775
because I want to know where the DOMAIN\Administrator is being used on which servers by my team.
0
 
LVL 41

Accepted Solution

by:
footech earned 1336 total points
ID: 40503793
Please don't post in the other question - it has been closed for some time.  I'd even suggest it's best to delete that comment.

However, I'm sorry, I didn't remember that there were any issues with that code from the other user.  I made a correction to it but I'm finding that it really doesn't give the information you want.

Here's the code I posted in the other thread with some slight modifications.  Just tested again and it's working.
*Side note - I typically don't post such a complete script (in fact, I've stripped a number of things out from the script I use/wrote at work), but since I'd already posted it I made an exception here.
# @() keeps $computers an array, so .Count is valid even when the file has a single line
$computers = @(Get-Content "ComputerList.txt")
$user = "administrator"

# Provide complete path to SysInternals' PsLoggedOn.exe utility
$UtilPath = ".\PsLoggedOn.exe"

$results = @()
$i = 0
[bool]$regStart = $false
[bool]$regDisabled = $false
foreach ($computer in $computers)
{
    $i++
    Write-Progress -activity "Progress Indicator" -status "Checking Remote Registry Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
    # Check if the Remote Registry service is stopped.  If so, we need to start it (PSLoggedOn.exe needs it to be running).
    $regSvcStatus = Get-WmiObject Win32_Service -computername $computer -filter "name = 'RemoteRegistry'" -Property State,StartMode -ErrorAction SilentlyContinue
    If ($regSvcStatus.State -eq "Stopped")
    {
        If ($regSvcStatus.StartMode -eq "Manual")
        {
            & sc.exe \\$computer start RemoteRegistry | Out-Null
            [bool]$regStart = $true
            #Start-Sleep -Seconds 2
        }
        ElseIf ($regSvcStatus.StartMode -eq "Disabled")
        {
            & sc.exe \\$computer config RemoteRegistry start= demand | Out-Null
            & sc.exe \\$computer start RemoteRegistry | Out-Null
            [bool]$regStart = $true
            [bool]$regDisabled = $true
            #Start-Sleep -Seconds 1
        }
    }
    ElseIf ( !($regSvcStatus) )
    {
        Write-Output "Couldn't contact WMI service on $computer"
        continue
    }
        
    Write-Progress -activity "Progress Indicator" -status "Querying Logged On Users" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        
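    # Make the query and parse the text output.
    # The call operator (&) is used instead of Invoke-Expression so a computer name
    # read from the list is passed as an argument and never evaluated as code.
    # The domain prefix is optional in the pattern; the user name is always captured.
    $results += & $UtilPath -x -l "\\$computer" 2>&1 |
        Where-Object {$_ -match '^\s{2,}(?:(?<domain>[^\\\s]+)\\)?(?<user>\S+)'} |
        Where-Object {$matches.user -eq $user} |
        ForEach-Object { Write-Output "$($matches.user) is logged on to $computer" }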
    # If we started the Remote Registry service earlier, return it to the stopped state.
    If ($regStart -eq $true)
    {
        Write-Progress -activity "Progress Indicator" -status "Resetting Remote Registry Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        & sc.exe \\$computer stop RemoteRegistry | Out-Null
        [bool]$regStart = $false
    }
    If ($regDisabled -eq $true)
    {
        Write-Progress -activity "Progress Indicator" -status "Disabling Remote Registry Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        & sc.exe \\$computer config RemoteRegistry start= disabled | Out-Null
        [bool]$regDisabled = $false
    }
}
$results

0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 664 total points
ID: 40503815
Ok, to me it is still unclear why - you only repeat that you want to know, but not why. I hoped to be in a better position to help you if I knew why you need this info. Anyway, have a look at this freeware: http://www.cjwdev.com/Software/ServiceCredMan/Info.html
-> Easily track down all of the Windows services and scheduled tasks using a specific account
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40503821
@McKnife: because my security team wants to split the password for the administrator and then rename the account, so in this case I need to know where it is currently logged on and then I need to log them off if it is still logged on.

@footech: thanks mate, I'll try that script and let you know soon.
0
 
LVL 41

Expert Comment

by:footech
ID: 40503835
@McKnife - I hadn't come across that utility before.  I think I'll have to check it out the next time I'm changing service account credentials.  I've seen some of his tools before, but never used them.
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40521373
Thanks guys !
0
