• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 77
  • Last Modified:

Last Logged on User Script

We have a situation where we require a particular type of script.

One that shows

1. The name of the domain PC/Server
2. The time and date it was logged into
3. The user that logged into it last

I have searched all over and haven't found what i am looking for

I did though find this:

Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate, SID -Autosize

This gives me the Name of PC, Last login date/time and SID, i found no such option that would give me a username...

I was thinking if there was a possibility of piping the SIDs over into this command:



This will allow you to enter a SID and find the Domain User

$objSID = New-Object System.Security.Principal.SecurityIdentifier `
("ENTER-SID-HERE")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value

and in this way all SIDs would be translated to their domain user counterparts.

I would appreciate any assistance in this matter

Thank you
0
NetGenIT
Asked:
NetGenIT
1 Solution
 
rlandquistCommented:
Are you looking to have this logged as users log on to computers going forward or are you trying to find historical information?
0
 
NetGenITAuthor Commented:
Historical, as in just the last user that has logged into the machine since i ran script.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
his gives me the Name of PC, Last login date/time and SID, i found no such option that would give me a username
You will not be able to get the Username of the user that logged into the machine using the above commands. You will only be able to get this information from the security logs on the domain controller where the logon was authenticated.

If you have multiple DC's this will also be more challenging due to the machines being able to authenticate to any one of the DC's in your environment.

If you are looking for something like this I would recommend something like Lepide Auditor for Active Directory.
http://www.lepide.com/lepideauditor/active-directory.html

Not exactly what you were looking for but this info cannot be displayed using powershell.

If someone could possibly do this in a script format I would be interested to see how they accomplish it.

Will.
0
 
RobSampsonCommented:
You would first need to query AD to retrieve all of your DCs.  This code can do that:
' Determine configuration context and DNS domain from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("configurationNamingContext")

' Use ADO to search Active Directory for ObjectClass nTDSDSA.
' This will identify all Domain Controllers.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

strBase = "<LDAP://" & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 60
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute

k = 0
Do Until adoRecordset.EOF
    Set objDC = _
        GetObject(GetObject(adoRecordset.Fields("AdsPath").Value).Parent)
    ReDim Preserve arrstrDCs(k)
    arrstrDCs(k) = objDC.DNSHostName
    k = k + 1
    adoRecordset.MoveNext
Loop
adoRecordset.Close

For k = 0 To Ubound(arrstrDCs)
    WScript.Echo arrstrDCs(k)
Next

Open in new window


You would then need to query the Security event logs on each of these DCs where the username matches the user you are after, and the workstation matches the workstation you are after.

Rob.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now