Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Powershell to find a users workstation

Posted on 2016-08-17
11
Medium Priority
?
204 Views
Last Modified: 2016-09-20
Is there a way to query AD via powershell to find the workstation of a user with just the users name/username?
0
Comment
Question by:BSModlin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 41760632
There's a really short answer to this I'm afraid.

No.

Nothing in AD allows you to trivially link users to computers. You need another data source.

If you had audit logging turned on you might be able to scrape the event logs (from each of the Domain Controllers) and establish the origin of the last authentication attempt(s). A bit of filtering is required to drop other integrated systems out of consideration though.

If you had any kind of configuration / asset management software you'd be able to use that. Be that SCCM or SpiceWorks, or almost anything else.

If you wanted to interrogate every single computer on the network you could establish it that way (this is all the configuration / asset management software is doing for you in this context).

Chris
0
 
LVL 17

Expert Comment

by:Spike99
ID: 41761078
There are 3rd party tools that can tell you that provided by such companies as Lansweeper, Solarwinds, Aternity or Goverlan.

This posting on spiceworks offers some suggestions for scripts & tools.
https://community.spiceworks.com/topic/441253-find-out-what-pc-a-user-is-logged-into-domain-connected

One of the responses mentions Network Scanner by Lansweeper, which looks promsing, although I have never used it.
https://www.softperfect.com/products/networkscanner/

The powershell script described on this page might work for you:
https://blogs.technet.microsoft.com/heyscriptingguy/2011/06/04/use-powershell-to-find-logon-sessions/
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41761281
What is your goal with this task?
I create a vbs Logon script years ago to collect the computer to user details at logon for auditing as well as troubleshooting the end-user's computer without having to ask them too many questions

Is this what you are look to do?
I would be more then happy to share this with you.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 26

Expert Comment

by:pony10us
ID: 41796211
I know that I am late to the party but thought I would through in a couple of things.

1. An AD user can log into any computer so there isn't really a relationship between user and computer.

2. We have tracked computers for years using nothing more than the login script. It provides a lot of detail including the username.

We have moved to KixStart for our login script however it shouldn't be difficult to modify. We send the results to our syslog server.

;Get PC info
$ComputerName = @WKSTA
Shell "CMD /e:1024 /c echo " + @Day + " " + @Date + " " + @Time + " > \\SYSLOG01V\logins\PC\%COMPUTERNAME%.txt"
If Exist ("\\SYSLOG01V\logins\PC\" + $ComputerName + ".txt")
        Open (3,"\\SYSLOG01V\logins\PC\$ComputerName.txt",4)
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_ComputerSystem") 
	For Each $wmiObj in $wmiColl 
                WriteLine (3,@CRLF + "System Manufacture: " + $wmiObj.Manufacturer) 
                WriteLine (3,@CRLF + "System Model: " + $wmiObj.Model) 
                WriteLine (3,@CRLF + "System Name: " + $wmiObj.Name) 
                WriteLine (3,@CRLF + "Domain: " + $wmiObj.Domain)
	Next 
	WriteLine (3,@CRLF + "Logged in User: " + %username%)
	$wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_BIOS") 
	For Each $wmiObj in $wmiColl 
                WriteLine (3,@CRLF + @CRLF + "SerialNumber: " + $wmiObj.SerialNumber) 
        Next 
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_OperatingSystem") 
        For Each $wmiObj in $wmiColl 
                WriteLine(3,@CRLF + @CRLF + "Operating System: " + $wmiObj.Caption + " " + $wmiObj.CSDVersion) 
                WriteLine(3,@CRLF + "OS Serial Identification Number: " + $wmiObj.SerialNumber)
                WriteLine(3,@CRLF + "OS Install Date: " + $wmiObj.InstallDate + @CRLF)
        Next
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_Processor") 
        For Each $wmiObj in $wmiColl 
                WriteLine(3,@CRLF + "Processor Type: " + LTRIM($wmiObj.Name)) 
                WriteLine(3,@CRLF + "Processor Description: " + $wmiObj.Caption)
        Next
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_PhysicalMemory") 
        For Each $wmiObj in $wmiColl 
                $Type = $wmiObj.FormFactor
                If $Type = 7
                    $Factor = SIMM
                Else
                  If $Type = 8
                    $Factor = DIMM
                  Else
                    $Factor = Other
                  Endif
                Endif
                WriteLine(3,@CRLF + "Memory Type: " + $Factor + " " + int($wmiObj.Capacity) / 1048576  + " MB of RAM" )
        Next
        Close (3) 
EndIf 

Open in new window

1
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41804027
@pony10us,
Is that script must be saved as .batch file and then run it as computer login script ?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 41804337
If you want to go down that road, you might like the simple option of this one:

http://blogs.msmvps.com/kwsupport/2005/02/24/lazy-mans-way-to-track-user-logonlogoff/

I used that one long, long ago.

Chris
0
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41804355
Many thanks Chris.
That's cool.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41805013
Sorry, had an emergency medical situation so didn't get back to you.  

If all you want to track is Logon/Logoff then I suggest going with Chris's script.  Much simpler.  Mine actually grabs a lot of information about the computer as well.  

I can maybe go back and get the batch version we used prior to moving to Kixstart if you really want it.
1
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41805657
pony10us,

Yes please that'd be greatly appreciated since I'm not using Kixstart.
Anyway, I will be creating new thread and update you the link here :-)
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41806327
Here is a basic Powershell that leverages AD module and WMI to gather information about the computers, but keep in mind that the computer needs a logged on person to have true value  for it.

Import-Module ActiveDirectory

$computers = Get-ADComputer -Filter *  -SearchBase 'OU=Computers,OU=Production,OU=xxx,DC=xxxxxx,DC=local' -SearchScope Subtree 

Foreach ($computer in $computers)
{ if (Test-Connection -ComputerName $computer.name -Quiet)
    {
        Get-WmiObject -ComputerName $computer.name -Class Win32_ComputerSystem | Select Name,Username
    }
}

Open in new window


If you wish to export it to a CSV just add the piped part after the Select

 | Export-csv -Path c:\ -NoTypeInformation -Append 

Open in new window


This will take some time, but it will work for you.

To truly gather a log you will need to create a logon and logoff script  and write the data to a DB of some sort.  

As I mentioned I have something in place in my environment that uses a VBS logon and Logoff to write to a MSSQL DB and I built a VB.net Form to query this data as well as execute commands against the computer or user.

If you are interested in this I will be more than happy to share this with you.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41806798
here is one addition script.

Import-Module activedirectory
clear
Get-ADComputer -Filter * -SearchBase 'OU=Computers,OU=Production,OU=FLH,DC=flhlaw,DC=local' |
ForEach-Object{
              
                    If (Test-Connection -computername $_.name -Count 1 -quiet)
                    {
                      $User = (Get-WmiObject Win32_ComputerSystem -ComputerName $_.name)
                      $Logon = (Get-WmiObject -Class Win32_LogonSession -ComputerName $_.name -Filter "LogonType='2'"| Select-Object -First 1 | where { $_.StartTime -ne $null} )
                            ##If($.starttime)
                      
                     write-Host $user.name, $user.userName,$logon.ConvertToDateTime($logon.StartTime)

                    }
                    Else
                    {
                       $_.name + " Offline"
                    }
                 

                  
          }

Open in new window

1

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question