Solved

Powershell to find a users workstation

Posted on 2016-08-17
11
126 Views
Last Modified: 2016-09-20
Is there a way to query AD via powershell to find the workstation of a user with just the users name/username?
0
Comment
Question by:BSModlin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 41760632
There's a really short answer to this I'm afraid.

No.

Nothing in AD allows you to trivially link users to computers. You need another data source.

If you had audit logging turned on you might be able to scrape the event logs (from each of the Domain Controllers) and establish the origin of the last authentication attempt(s). A bit of filtering is required to drop other integrated systems out of consideration though.

If you had any kind of configuration / asset management software you'd be able to use that. Be that SCCM or SpiceWorks, or almost anything else.

If you wanted to interrogate every single computer on the network you could establish it that way (this is all the configuration / asset management software is doing for you in this context).

Chris
0
 
LVL 17

Expert Comment

by:Spike99
ID: 41761078
There are 3rd party tools that can tell you that provided by such companies as Lansweeper, Solarwinds, Aternity or Goverlan.

This posting on spiceworks offers some suggestions for scripts & tools.
https://community.spiceworks.com/topic/441253-find-out-what-pc-a-user-is-logged-into-domain-connected

One of the responses mentions Network Scanner by Lansweeper, which looks promsing, although I have never used it.
https://www.softperfect.com/products/networkscanner/

The powershell script described on this page might work for you:
https://blogs.technet.microsoft.com/heyscriptingguy/2011/06/04/use-powershell-to-find-logon-sessions/
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41761281
What is your goal with this task?
I create a vbs Logon script years ago to collect the computer to user details at logon for auditing as well as troubleshooting the end-user's computer without having to ask them too many questions

Is this what you are look to do?
I would be more then happy to share this with you.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 26

Expert Comment

by:pony10us
ID: 41796211
I know that I am late to the party but thought I would through in a couple of things.

1. An AD user can log into any computer so there isn't really a relationship between user and computer.

2. We have tracked computers for years using nothing more than the login script. It provides a lot of detail including the username.

We have moved to KixStart for our login script however it shouldn't be difficult to modify. We send the results to our syslog server.

;Get PC info
$ComputerName = @WKSTA
Shell "CMD /e:1024 /c echo " + @Day + " " + @Date + " " + @Time + " > \\SYSLOG01V\logins\PC\%COMPUTERNAME%.txt"
If Exist ("\\SYSLOG01V\logins\PC\" + $ComputerName + ".txt")
        Open (3,"\\SYSLOG01V\logins\PC\$ComputerName.txt",4)
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_ComputerSystem") 
	For Each $wmiObj in $wmiColl 
                WriteLine (3,@CRLF + "System Manufacture: " + $wmiObj.Manufacturer) 
                WriteLine (3,@CRLF + "System Model: " + $wmiObj.Model) 
                WriteLine (3,@CRLF + "System Name: " + $wmiObj.Name) 
                WriteLine (3,@CRLF + "Domain: " + $wmiObj.Domain)
	Next 
	WriteLine (3,@CRLF + "Logged in User: " + %username%)
	$wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_BIOS") 
	For Each $wmiObj in $wmiColl 
                WriteLine (3,@CRLF + @CRLF + "SerialNumber: " + $wmiObj.SerialNumber) 
        Next 
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_OperatingSystem") 
        For Each $wmiObj in $wmiColl 
                WriteLine(3,@CRLF + @CRLF + "Operating System: " + $wmiObj.Caption + " " + $wmiObj.CSDVersion) 
                WriteLine(3,@CRLF + "OS Serial Identification Number: " + $wmiObj.SerialNumber)
                WriteLine(3,@CRLF + "OS Install Date: " + $wmiObj.InstallDate + @CRLF)
        Next
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_Processor") 
        For Each $wmiObj in $wmiColl 
                WriteLine(3,@CRLF + "Processor Type: " + LTRIM($wmiObj.Name)) 
                WriteLine(3,@CRLF + "Processor Description: " + $wmiObj.Caption)
        Next
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_PhysicalMemory") 
        For Each $wmiObj in $wmiColl 
                $Type = $wmiObj.FormFactor
                If $Type = 7
                    $Factor = SIMM
                Else
                  If $Type = 8
                    $Factor = DIMM
                  Else
                    $Factor = Other
                  Endif
                Endif
                WriteLine(3,@CRLF + "Memory Type: " + $Factor + " " + int($wmiObj.Capacity) / 1048576  + " MB of RAM" )
        Next
        Close (3) 
EndIf 

Open in new window

1
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41804027
@pony10us,
Is that script must be saved as .batch file and then run it as computer login script ?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 41804337
If you want to go down that road, you might like the simple option of this one:

http://blogs.msmvps.com/kwsupport/2005/02/24/lazy-mans-way-to-track-user-logonlogoff/

I used that one long, long ago.

Chris
0
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41804355
Many thanks Chris.
That's cool.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 41805013
Sorry, had an emergency medical situation so didn't get back to you.  

If all you want to track is Logon/Logoff then I suggest going with Chris's script.  Much simpler.  Mine actually grabs a lot of information about the computer as well.  

I can maybe go back and get the batch version we used prior to moving to Kixstart if you really want it.
1
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41805657
pony10us,

Yes please that'd be greatly appreciated since I'm not using Kixstart.
Anyway, I will be creating new thread and update you the link here :-)
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41806327
Here is a basic Powershell that leverages AD module and WMI to gather information about the computers, but keep in mind that the computer needs a logged on person to have true value  for it.

Import-Module ActiveDirectory

$computers = Get-ADComputer -Filter *  -SearchBase 'OU=Computers,OU=Production,OU=xxx,DC=xxxxxx,DC=local' -SearchScope Subtree 

Foreach ($computer in $computers)
{ if (Test-Connection -ComputerName $computer.name -Quiet)
    {
        Get-WmiObject -ComputerName $computer.name -Class Win32_ComputerSystem | Select Name,Username
    }
}

Open in new window


If you wish to export it to a CSV just add the piped part after the Select

 | Export-csv -Path c:\ -NoTypeInformation -Append 

Open in new window


This will take some time, but it will work for you.

To truly gather a log you will need to create a logon and logoff script  and write the data to a DB of some sort.  

As I mentioned I have something in place in my environment that uses a VBS logon and Logoff to write to a MSSQL DB and I built a VB.net Form to query this data as well as execute commands against the computer or user.

If you are interested in this I will be more than happy to share this with you.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41806798
here is one addition script.

Import-Module activedirectory
clear
Get-ADComputer -Filter * -SearchBase 'OU=Computers,OU=Production,OU=FLH,DC=flhlaw,DC=local' |
ForEach-Object{
              
                    If (Test-Connection -computername $_.name -Count 1 -quiet)
                    {
                      $User = (Get-WmiObject Win32_ComputerSystem -ComputerName $_.name)
                      $Logon = (Get-WmiObject -Class Win32_LogonSession -ComputerName $_.name -Filter "LogonType='2'"| Select-Object -First 1 | where { $_.StartTime -ne $null} )
                            ##If($.starttime)
                      
                     write-Host $user.name, $user.userName,$logon.ConvertToDateTime($logon.StartTime)

                    }
                    Else
                    {
                       $_.name + " Offline"
                    }
                 

                  
          }

Open in new window

0

Featured Post

Office 365 Advanced Training for Admins

Special Offer:  Buy 1 course, get 2nd free!  Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
New IP's needed ASAP 6 81
Azure AD / OAUTH 2 37
Automatic Windows Service stops by itself 6 103
Copy-Item -UseTransaction not working 2 34
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question