[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 231
  • Last Modified:

Powershell to find a users workstation

Is there a way to query AD via powershell to find the workstation of a user with just the users name/username?
0
BSModlin
Asked:
BSModlin
  • 3
  • 3
  • 2
  • +2
1 Solution
 
Chris DentPowerShell DeveloperCommented:
There's a really short answer to this I'm afraid.

No.

Nothing in AD allows you to trivially link users to computers. You need another data source.

If you had audit logging turned on you might be able to scrape the event logs (from each of the Domain Controllers) and establish the origin of the last authentication attempt(s). A bit of filtering is required to drop other integrated systems out of consideration though.

If you had any kind of configuration / asset management software you'd be able to use that. Be that SCCM or SpiceWorks, or almost anything else.

If you wanted to interrogate every single computer on the network you could establish it that way (this is all the configuration / asset management software is doing for you in this context).

Chris
0
 
Spike99On-Site IT TechnicianCommented:
There are 3rd party tools that can tell you that provided by such companies as Lansweeper, Solarwinds, Aternity or Goverlan.

This posting on spiceworks offers some suggestions for scripts & tools.
https://community.spiceworks.com/topic/441253-find-out-what-pc-a-user-is-logged-into-domain-connected

One of the responses mentions Network Scanner by Lansweeper, which looks promsing, although I have never used it.
https://www.softperfect.com/products/networkscanner/

The powershell script described on this page might work for you:
https://blogs.technet.microsoft.com/heyscriptingguy/2011/06/04/use-powershell-to-find-logon-sessions/
0
 
yo_beeDirector of ITCommented:
What is your goal with this task?
I create a vbs Logon script years ago to collect the computer to user details at logon for auditing as well as troubleshooting the end-user's computer without having to ask them too many questions

Is this what you are look to do?
I would be more then happy to share this with you.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
pony10usCommented:
I know that I am late to the party but thought I would through in a couple of things.

1. An AD user can log into any computer so there isn't really a relationship between user and computer.

2. We have tracked computers for years using nothing more than the login script. It provides a lot of detail including the username.

We have moved to KixStart for our login script however it shouldn't be difficult to modify. We send the results to our syslog server.

;Get PC info
$ComputerName = @WKSTA
Shell "CMD /e:1024 /c echo " + @Day + " " + @Date + " " + @Time + " > \\SYSLOG01V\logins\PC\%COMPUTERNAME%.txt"
If Exist ("\\SYSLOG01V\logins\PC\" + $ComputerName + ".txt")
        Open (3,"\\SYSLOG01V\logins\PC\$ComputerName.txt",4)
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_ComputerSystem") 
	For Each $wmiObj in $wmiColl 
                WriteLine (3,@CRLF + "System Manufacture: " + $wmiObj.Manufacturer) 
                WriteLine (3,@CRLF + "System Model: " + $wmiObj.Model) 
                WriteLine (3,@CRLF + "System Name: " + $wmiObj.Name) 
                WriteLine (3,@CRLF + "Domain: " + $wmiObj.Domain)
	Next 
	WriteLine (3,@CRLF + "Logged in User: " + %username%)
	$wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_BIOS") 
	For Each $wmiObj in $wmiColl 
                WriteLine (3,@CRLF + @CRLF + "SerialNumber: " + $wmiObj.SerialNumber) 
        Next 
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_OperatingSystem") 
        For Each $wmiObj in $wmiColl 
                WriteLine(3,@CRLF + @CRLF + "Operating System: " + $wmiObj.Caption + " " + $wmiObj.CSDVersion) 
                WriteLine(3,@CRLF + "OS Serial Identification Number: " + $wmiObj.SerialNumber)
                WriteLine(3,@CRLF + "OS Install Date: " + $wmiObj.InstallDate + @CRLF)
        Next
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_Processor") 
        For Each $wmiObj in $wmiColl 
                WriteLine(3,@CRLF + "Processor Type: " + LTRIM($wmiObj.Name)) 
                WriteLine(3,@CRLF + "Processor Description: " + $wmiObj.Caption)
        Next
        $wmiColl = GetObject("WinMgmts:root/cimv2").ExecQuery("Select * FROM Win32_PhysicalMemory") 
        For Each $wmiObj in $wmiColl 
                $Type = $wmiObj.FormFactor
                If $Type = 7
                    $Factor = SIMM
                Else
                  If $Type = 8
                    $Factor = DIMM
                  Else
                    $Factor = Other
                  Endif
                Endif
                WriteLine(3,@CRLF + "Memory Type: " + $Factor + " " + int($wmiObj.Capacity) / 1048576  + " MB of RAM" )
        Next
        Close (3) 
EndIf 

Open in new window

1
 
Senior IT System EngineerIT ProfessionalCommented:
@pony10us,
Is that script must be saved as .batch file and then run it as computer login script ?
0
 
Chris DentPowerShell DeveloperCommented:
If you want to go down that road, you might like the simple option of this one:

http://blogs.msmvps.com/kwsupport/2005/02/24/lazy-mans-way-to-track-user-logonlogoff/

I used that one long, long ago.

Chris
0
 
Senior IT System EngineerIT ProfessionalCommented:
Many thanks Chris.
That's cool.
0
 
pony10usCommented:
Sorry, had an emergency medical situation so didn't get back to you.  

If all you want to track is Logon/Logoff then I suggest going with Chris's script.  Much simpler.  Mine actually grabs a lot of information about the computer as well.  

I can maybe go back and get the batch version we used prior to moving to Kixstart if you really want it.
1
 
Senior IT System EngineerIT ProfessionalCommented:
pony10us,

Yes please that'd be greatly appreciated since I'm not using Kixstart.
Anyway, I will be creating new thread and update you the link here :-)
0
 
yo_beeDirector of ITCommented:
Here is a basic Powershell that leverages AD module and WMI to gather information about the computers, but keep in mind that the computer needs a logged on person to have true value  for it.

Import-Module ActiveDirectory

$computers = Get-ADComputer -Filter *  -SearchBase 'OU=Computers,OU=Production,OU=xxx,DC=xxxxxx,DC=local' -SearchScope Subtree 

Foreach ($computer in $computers)
{ if (Test-Connection -ComputerName $computer.name -Quiet)
    {
        Get-WmiObject -ComputerName $computer.name -Class Win32_ComputerSystem | Select Name,Username
    }
}

Open in new window


If you wish to export it to a CSV just add the piped part after the Select

 | Export-csv -Path c:\ -NoTypeInformation -Append 

Open in new window


This will take some time, but it will work for you.

To truly gather a log you will need to create a logon and logoff script  and write the data to a DB of some sort.  

As I mentioned I have something in place in my environment that uses a VBS logon and Logoff to write to a MSSQL DB and I built a VB.net Form to query this data as well as execute commands against the computer or user.

If you are interested in this I will be more than happy to share this with you.
0
 
yo_beeDirector of ITCommented:
here is one addition script.

Import-Module activedirectory
clear
Get-ADComputer -Filter * -SearchBase 'OU=Computers,OU=Production,OU=FLH,DC=flhlaw,DC=local' |
ForEach-Object{
              
                    If (Test-Connection -computername $_.name -Count 1 -quiet)
                    {
                      $User = (Get-WmiObject Win32_ComputerSystem -ComputerName $_.name)
                      $Logon = (Get-WmiObject -Class Win32_LogonSession -ComputerName $_.name -Filter "LogonType='2'"| Select-Object -First 1 | where { $_.StartTime -ne $null} )
                            ##If($.starttime)
                      
                     write-Host $user.name, $user.userName,$logon.ConvertToDateTime($logon.StartTime)

                    }
                    Else
                    {
                       $_.name + " Offline"
                    }
                 

                  
          }

Open in new window

1

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now