Solved

Powershell to find a users workstation

Posted on 2016-08-17
11
90 Views
Last Modified: 2016-09-20
Is there a way to query AD via powershell to find the workstation of a user with just the users name/username?
0
Comment
Question by:BSModlin
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 41760632
There's a really short answer to this I'm afraid.

No.

Nothing in AD allows you to trivially link users to computers. You need another data source.

If you had audit logging turned on you might be able to scrape the event logs (from each of the Domain Controllers) and establish the origin of the last authentication attempt(s). A bit of filtering is required to drop other integrated systems out of consideration though.

If you had any kind of configuration / asset management software you'd be able to use that. Be that SCCM or SpiceWorks, or almost anything else.

If you wanted to interrogate every single computer on the network you could establish it that way (this is all the configuration / asset management software is doing for you in this context).

Chris
0
 
LVL 16

Expert Comment

by:Spike99
ID: 41761078
There are 3rd party tools that can tell you that provided by such companies as Lansweeper, Solarwinds, Aternity or Goverlan.

This posting on spiceworks offers some suggestions for scripts & tools.
https://community.spiceworks.com/topic/441253-find-out-what-pc-a-user-is-logged-into-domain-connected

One of the responses mentions Network Scanner by Lansweeper, which looks promsing, although I have never used it.
https://www.softperfect.com/products/networkscanner/

The powershell script described on this page might work for you:
https://blogs.technet.microsoft.com/heyscriptingguy/2011/06/04/use-powershell-to-find-logon-sessions/
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 41761281
What is your goal with this task?
I create a vbs Logon script years ago to collect the computer to user details at logon for auditing as well as troubleshooting the end-user's computer without having to ask them too many questions

Is this what you are look to do?
I would be more then happy to share this with you.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41796211
I know that I am late to the party but thought I would through in a couple of things.

1. An AD user can log into any computer so there isn't really a relationship between user and computer.

2. We have tracked computers for years using nothing more than the login script. It provides a lot of detail including the username.

We have moved to KixStart for our login script however it shouldn't be difficult to modify. We send the results to our syslog server.

;Get PC info
$ComputerName = @WKSTA
Shell "CMD /e:1024 /c echo " + @Day + " " + @Date + " " + @Time + " > \\SYSLOG01V\logins\PC\%COMPUTERNAME%.txt"
If Exist ("\\SYSLOG01V\logins\PC\" + $ComputerName + ".txt")
        Open (3,"\\SYSLOG01V\logins\PC\$ComputerName.txt",4)
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_ComputerSystem") 
	For Each $wmiObj in $wmiColl 
                WriteLine (3,@CRLF + "System Manufacture: " + $wmiObj.Manufacturer) 
                WriteLine (3,@CRLF + "System Model: " + $wmiObj.Model) 
                WriteLine (3,@CRLF + "System Name: " + $wmiObj.Name) 
                WriteLine (3,@CRLF + "Domain: " + $wmiObj.Domain)
	Next 
	WriteLine (3,@CRLF + "Logged in User: " + %username%)
	$wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_BIOS") 
	For Each $wmiObj in $wmiColl 
                WriteLine (3,@CRLF + @CRLF + "SerialNumber: " + $wmiObj.SerialNumber) 
        Next 
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_OperatingSystem") 
        For Each $wmiObj in $wmiColl 
                WriteLine(3,@CRLF + @CRLF + "Operating System: " + $wmiObj.Caption + " " + $wmiObj.CSDVersion) 
                WriteLine(3,@CRLF + "OS Serial Identification Number: " + $wmiObj.SerialNumber)
                WriteLine(3,@CRLF + "OS Install Date: " + $wmiObj.InstallDate + @CRLF)
        Next
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_Processor") 
        For Each $wmiObj in $wmiColl 
                WriteLine(3,@CRLF + "Processor Type: " + LTRIM($wmiObj.Name)) 
                WriteLine(3,@CRLF + "Processor Description: " + $wmiObj.Caption)
        Next
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_PhysicalMemory") 
        For Each $wmiObj in $wmiColl 
                $Type = $wmiObj.FormFactor
                If $Type = 7
                    $Factor = SIMM
                Else
                  If $Type = 8
                    $Factor = DIMM
                  Else
                    $Factor = Other
                  Endif
                Endif
                WriteLine(3,@CRLF + "Memory Type: " + $Factor + " " + int($wmiObj.Capacity) / 1048576  + " MB of RAM" )
        Next
        Close (3) 
EndIf 

Open in new window

1
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41804027
@pony10us,
Is that script must be saved as .batch file and then run it as computer login script ?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 41804337
If you want to go down that road, you might like the simple option of this one:

http://blogs.msmvps.com/kwsupport/2005/02/24/lazy-mans-way-to-track-user-logonlogoff/

I used that one long, long ago.

Chris
0
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41804355
Many thanks Chris.
That's cool.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41805013
Sorry, had an emergency medical situation so didn't get back to you.  

If all you want to track is Logon/Logoff then I suggest going with Chris's script.  Much simpler.  Mine actually grabs a lot of information about the computer as well.  

I can maybe go back and get the batch version we used prior to moving to Kixstart if you really want it.
1
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41805657
pony10us,

Yes please that'd be greatly appreciated since I'm not using Kixstart.
Anyway, I will be creating new thread and update you the link here :-)
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 41806327
Here is a basic Powershell that leverages AD module and WMI to gather information about the computers, but keep in mind that the computer needs a logged on person to have true value  for it.

Import-Module ActiveDirectory

$computers = Get-ADComputer -Filter *  -SearchBase 'OU=Computers,OU=Production,OU=xxx,DC=xxxxxx,DC=local' -SearchScope Subtree 

Foreach ($computer in $computers)
{ if (Test-Connection -ComputerName $computer.name -Quiet)
    {
        Get-WmiObject -ComputerName $computer.name -Class Win32_ComputerSystem | Select Name,Username
    }
}

Open in new window


If you wish to export it to a CSV just add the piped part after the Select

 | Export-csv -Path c:\ -NoTypeInformation -Append 

Open in new window


This will take some time, but it will work for you.

To truly gather a log you will need to create a logon and logoff script  and write the data to a DB of some sort.  

As I mentioned I have something in place in my environment that uses a VBS logon and Logoff to write to a MSSQL DB and I built a VB.net Form to query this data as well as execute commands against the computer or user.

If you are interested in this I will be more than happy to share this with you.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 41806798
here is one addition script.

Import-Module activedirectory
clear
Get-ADComputer -Filter * -SearchBase 'OU=Computers,OU=Production,OU=FLH,DC=flhlaw,DC=local' |
ForEach-Object{
              
                    If (Test-Connection -computername $_.name -Count 1 -quiet)
                    {
                      $User = (Get-WmiObject Win32_ComputerSystem -ComputerName $_.name)
                      $Logon = (Get-WmiObject -Class Win32_LogonSession -ComputerName $_.name -Filter "LogonType='2'"| Select-Object -First 1 | where { $_.StartTime -ne $null} )
                            ##If($.starttime)
                      
                     write-Host $user.name, $user.userName,$logon.ConvertToDateTime($logon.StartTime)

                    }
                    Else
                    {
                       $_.name + " Offline"
                    }
                 

                  
          }

Open in new window

0

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article will help you understand what HashTables are and how to use them in PowerShell.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now