How to check who is the user account that currently logged on the domain workstation?
This is using MS Windows Server 2008 R2 AD Domain. There are a few DC here. My boss want us to check who is the user currently logged on to a given domain PC. For example, a PC name netpc001, and we wanted to know who is the user for this pc. The fastest is to check who is the user currently logged on (or last accessed). btw, how to check?
Thanks in advance.
Thanks in advance.
ASKER
Hi Mohamed,
Thank for your fast suggestion. I will try your method in a short while.
Thank for your fast suggestion. I will try your method in a short while.
Try the powershell script below.
# Applies to: Computers
#
# Description: This script searches for a specific, logged on user on all or
# specific Computers by checking the process "explorer.exe" and its owner.
#
# ********************************************************************************
#Set variables
$progress = 0
#Get Admin Credentials
Function Get-Login {
Clear-Host
Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
$Global:Credential = Get-Credential
}
Get-Login
#Get Username to search for
Function Get-Username {
Clear-Host
$Global:Username = Read-Host "Enter username you want to search for"
if ($Username -eq $null){
Write-Host "Username cannot be blank, please re-enter username!"
Get-Username
}
$UserCheck = Get-ADUser $Username
if ($UserCheck -eq $null){
Write-Host "Invalid username, please verify this is the logon id for the account!"
Get-Username
}
}
Get-Username
#Get Computername Prefix for large environments
Function Get-Prefix {
Clear-Host
$Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"
Clear-Host
}
Get-Prefix
#Start search
$computers = Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix}
$CompCount = $Computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"
#Start main foreach loop, search processes on all computers
foreach ($comp in $computers){
$Computer = $comp.Name
$Reply = $null
$Reply = test-connection $Computer -count 1 -quiet
if($Reply -eq 'True'){
if($Computer -eq $env:COMPUTERNAME){
#Get explorer.exe processes without credentials parameter if the query is executed on the localhost
$proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
}
else{
#Get explorer.exe processes with credentials for remote hosts
$proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
}
#If $proc is empty return msg else search collection of processes for username
if([string]::IsNullOrEmpty($proc)){
write-host "Failed to check $Computer!"
}
else{
$progress++
ForEach ($p in $proc) {
$temp = ($p.GetOwner()).User
Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$Computers.Count)*100)
if ($temp -eq $Username){
write-host "$Username is logged on $Computer"
}
}
}
}
}
write-host "Search done!"ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank for expert - BillBondo of suggesting using the given vbs, it works perfectly with all the logged on user name exposed.
If you're the network admin, another quick and dirty approach which I tend to use is just to browse to \\computername\users, and sort the folder list by Last Modified Date. The most recently modified folder was the last person to log on. Note that this doesn't tell you whether or not they're currently logged on.
WMIC /NODE: xxx.xxx.xxx.xxx COMPUTERSYSTEM GET USERNAME
where xxx.xxx.xxx.xxx is the IP of your device