How to list on which server domain administrator account is currently logged on ?

Hi All,

From the list of server name in .TXT file or specific OU, how can I verify of produce the list of where the domain\administrator account is currently used or logged on ?

Any help would be greatly appreciated.

THanks
LVL 8
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
footechConnect With a Mentor Commented:
Please don't post in the other question - it has been closed for some time.  I'd even suggest it's best to delete that comment.

However, I'm sorry, I didn't remember that there were any issues with that code from the other user.  I made a correction to it but I'm finding that it really doesn't give the information you want.

Here's the code I posted in the other thread with some slight modifications.  Just tested again and it's working.
*Side note - I typically don't post such a complete script (in fact, I've stripped a number of things out from the script I use/wrote at work), but since I'd already posted it I made an exception here.
$computers = Get-Content "ComputerList.txt"
$user = "administrator"

# Provide complete path to SysInternals' PsLoggedOn.exe utility
$UtilPath = ".\PsLoggedOn.exe"

$results = @()
$i = 0
[bool]$regStart = $false
[bool]$regDisabled = $false
foreach ($computer in $computers)
{
    $i++
    Write-Progress -activity "Progress Indicator" -status "Checking Remote Registy Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
    # Check if the Remote Registry service is stopped.  If so, we need to start it (PSLoggedOn.exe needs it to be running).
    $regSvcStatus = Get-WmiObject Win32_Service -computername $computer -filter "name = 'RemoteRegistry'" -Property State,StartMode -ErrorAction SilentlyContinue
    If ($regSvcStatus.State -eq "Stopped")
    {
        If ($regSvcStatus.StartMode -eq "Manual")
        {
            & sc.exe \\$computer start RemoteRegistry | Out-Null
            [bool]$regStart = $true
            #Start-Sleep -Seconds 2
        }
        ElseIf ($regSvcStatus.StartMode -eq "Disabled")
        {
            & sc.exe \\$computer config RemoteRegistry start= demand | Out-Null
            & sc.exe \\$computer start RemoteRegistry | Out-Null
            [bool]$regStart = $true
            [bool]$regDisabled = $true
            #Start-Sleep -Seconds 1
        }
    }
    ElseIf ( !($regSvcStatus) )
    {
        Write-Output "Couldn't contact WMI service on $computer"
        continue
    }
        
    Write-Progress -activity "Progress Indicator" -status "Querying Logged On Users" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        
    # Make the query and parse the text output
    $results += Invoke-Expression "$UtilPath -x -l \\$computer 2>&1" |
        Where-Object {$_ -match '^\s{2,}((?<domain>\w+)\\(?<user>\S+))|(?<user>\S+)'} |
        Where {$matches.user -eq $user} |
        ForEach `
        {
            Write-Output "$($matches.user) is logged on to $computer"
        }
    # If we start the Remote Registry service earlier, return it to the stopped state.
    If ($regStart -eq $true)
    {
        Write-Progress -activity "Progress Indicator" -status "Resetting Remote Registry Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        & sc.exe \\$computer stop RemoteRegistry | Out-Null
        [bool]$regStart = $false
    }
    If ($regDisabled -eq $true)
    {
        Write-Progress -activity "Progress Indicator" -status "Disabling Remote Registry Service" -currentOperation "Checking computer ""$computer"" ($i of $($computers.count))" -percentComplete (($i/$computers.count) * 100)
        & sc.exe \\$computer config RemoteRegistry start= disabled | Out-Null
        [bool]$regDisabled = $false
    }
}
$results

Open in new window

0
 
footechConnect With a Mentor Commented:
Check out this previous asked question for some samples.
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28233927.html

There are also some scripts on the MS Technet Script Repository for this.

There's a variety of ways to start to gather the information, from WMI to command line utilities like quser, qwinsta, SysInternals' PsLoggedOn, etc..  You may need to try out a few to see what works for you and your environment.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks man, which one that you recommends working ?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
McKnifeCommented:
What do you mean by "used"? Logged on is understood, but used?
And what is this info needed for?
0
 
footechCommented:
Try all of them and see which you like better.  They both work (assuming permissions, etc. are in place).
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
@McKnife: yes, used means logged on, so in thiscase the script can see where the domain\administrator account is currently used.
0
 
McKnifeCommented:
The tools have been mentioned. But what would you need that info for, if I may ask - why would you like to know "where the domain admin is logged in"?
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
because I want to know where the DOMAIN\Administrator is being used on which servers by my team.
0
 
McKnifeConnect With a Mentor Commented:
Ok, to me it is still unclear why - you only repeat that you want to know, but not why. I hoped to be in a better position to help you if I knew why you need this info. Anyway, have a look at this freeware: http://www.cjwdev.com/Software/ServiceCredMan/Info.html
-> Easily track down all of the Windows services and scheduled tasks using a specific account
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
@McKnife: because my security team wants to split the password for the administrator and then rename the account, so in this case i need to know where it is currently logged on and then I need to log them off if it is still logged on.

@footech: thanks mate, I'll try that script and let you know soon.
0
 
footechCommented:
@McKnife - I hadn't come across that utility before.  I think I'll have to check it out the next time I'm changing service account credentials.  I've seen some of his tools before, but never used them.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks guys !
0
All Courses

From novice to tech pro — start learning today.