Last Logged on User Script

We have a situation where we require a particular type of script.

One that shows

1. The name of the domain PC/Server
2. The time and date it was logged into
3. The user that logged into it last

I have searched all over and haven't found what I am looking for.

I did though find this:

Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate, SID -Autosize

This gives me the Name of PC, Last login date/time and SID. I found no such option that would give me a username...

I was thinking if there was a possibility of piping the SIDs over into this command:



This will allow you to enter a SID and find the Domain User

$objSID = New-Object System.Security.Principal.SecurityIdentifier `
("ENTER-SID-HERE")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value

and in this way all SIDs would be translated to their domain user counterparts.

I would appreciate any assistance in this matter

Thank you
NetGenIT Asked:

rlandquist Commented:
Are you looking to have this logged as users log on to computers going forward or are you trying to find historical information?
0
NetGenIT (Author) Commented:
Historical, as in just the last user that has logged into the machine since I ran script.
0
Will Szymkowski, Senior Solution Architect, Commented:
"This gives me the Name of PC, Last login date/time and SID, I found no such option that would give me a username"
You will not be able to get the Username of the user that logged into the machine using the above commands. You will only be able to get this information from the security logs on the domain controller where the logon was authenticated.

If you have multiple DCs this will also be more challenging due to the machines being able to authenticate to any one of the DCs in your environment.

If you are looking for something like this I would recommend something like Lepide Auditor for Active Directory.
http://www.lepide.com/lepideauditor/active-directory.html

Not exactly what you were looking for but this info cannot be displayed using PowerShell.

If someone could possibly do this in a script format I would be interested to see how they accomplish it.

Will.
0
RobSampson Commented:
You would first need to query AD to retrieve all of your DCs.  This code can do that:
' Determine configuration context and DNS domain from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("configurationNamingContext")

' Use ADO to search Active Directory for ObjectClass nTDSDSA.
' This will identify all Domain Controllers.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

strBase = "<LDAP://" & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 60
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute

k = 0
Do Until adoRecordset.EOF
    Set objDC = _
        GetObject(GetObject(adoRecordset.Fields("AdsPath").Value).Parent)
    ReDim Preserve arrstrDCs(k)
    arrstrDCs(k) = objDC.DNSHostName
    k = k + 1
    adoRecordset.MoveNext
Loop
adoRecordset.Close

For k = 0 To Ubound(arrstrDCs)
    WScript.Echo arrstrDCs(k)
Next



You would then need to query the Security event logs on each of these DCs where the username matches the user you are after, and the workstation matches the workstation you are after.

Rob.
0
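
The two steps RobSampson describes (list every DC, then search each DC's Security log) can be combined in PowerShell. This is an added example, not code from the thread. It assumes the ActiveDirectory module, rights to read the Security log on each DC remotely, that logon auditing writes event ID 4624 on the DCs, and a seven-day look-back window.

```powershell
# Added example: the event ID (4624) and the look-back window are assumptions,
# not values taken from the thread.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-7)   # assumed look-back window

# Each DC keeps its own Security log, so every DC has to be queried.
$events = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = 4624; StartTime = $since
        }
    } catch {
        # Also reached when the DC simply has no matching events in the window.
        Write-Warning "No logon events read from $($dc.HostName): $_"
    }
}

$logons = foreach ($e in $events) {
    # Read the named fields from the event XML instead of positional Properties.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $user = $data['TargetUserName']
    # Skip computer accounts (trailing $) and anonymous sessions.
    if (-not $user -or $user.EndsWith('$') -or $user -eq 'ANONYMOUS LOGON') { continue }

    # WorkstationName is often "-" for Kerberos logons; fall back to the source IP.
    $source = $data['WorkstationName']
    if (-not $source -or $source -eq '-') { $source = $data['IpAddress'] }
    if (-not $source -or $source -eq '-') { continue }

    [pscustomobject]@{
        Source      = $source
        User        = '{0}\{1}' -f $data['TargetDomainName'], $user
        TimeCreated = $e.TimeCreated
        DC          = $e.MachineName
    }
}

# Keep only the most recent logon seen for each source machine.
$logons | Group-Object Source | ForEach-Object {
    $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
} | Sort-Object Source | Format-Table Source, User, TimeCreated, DC -AutoSize
```

The result covers only what the DCs still hold in their Security logs, and it includes service accounts and logons made on the DCs themselves, so filter the output against the list of computers you care about.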
