How to check who is the user account that currently logged on the domain workstation?

This is using MS Windows Server 2008 R2 AD Domain. There are a few DC here. My boss want us to check who is the user currently logged on to a given domain PC. For example, a PC name netpc001, and we wanted to know who is the user for this pc. The fastest is to check who is the user currently logged on (or last accessed). btw, how to check?

Thanks in advance.
Who is Participating?
BillBondoConnect With a Mentor Commented:
Another option;

strComputer = "PC NAME, IP HERE"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")  
Set colComputer = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
For Each objComputer in colComputer
    Wscript.Echo "Logged-on user: " & objComputer.UserName

Its a VBS script. Copy text above to notepad and save as *.vbs
Change pc name as needed and save, then run
Mohamed NagySoftware DeveloperCommented:
by this command line:


where is the IP of your device
MichaelBalackAuthor Commented:
Hi Mohamed,

Thank for your fast suggestion. I will try your method in a short while.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Niten KumarPrincipal Systems AdministratorCommented:
Try the powershell script below.

# Applies to: Computers
# Description: This script searches for a specific, logged on user on all or 
# specific Computers by checking the process "explorer.exe" and its owner.
# ********************************************************************************

#Set variables
$progress = 0

#Get Admin Credentials
Function Get-Login {
Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
$Global:Credential = Get-Credential

#Get Username to search for
Function Get-Username {
      $Global:Username = Read-Host "Enter username you want to search for"
      if ($Username -eq $null){
            Write-Host "Username cannot be blank, please re-enter username!"
      $UserCheck = Get-ADUser $Username
      if ($UserCheck -eq $null){
            Write-Host "Invalid username, please verify this is the logon id for the account!"

#Get Computername Prefix for large environments
Function Get-Prefix {
      $Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"

#Start search
$computers = Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix}
$CompCount = $Computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"

#Start main foreach loop, search processes on all computers
foreach ($comp in $computers){
      $Computer = $comp.Name
      $Reply = $null
        $Reply = test-connection $Computer -count 1 -quiet
        if($Reply -eq 'True'){
            if($Computer -eq $env:COMPUTERNAME){
                  #Get explorer.exe processes without credentials parameter if the query is executed on the localhost
                  $proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
                  #Get explorer.exe processes with credentials for remote hosts
                  $proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
                  #If $proc is empty return msg else search collection of processes for username
                  write-host "Failed to check $Computer!"
                  ForEach ($p in $proc) {                        
                        $temp = ($p.GetOwner()).User
                        Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$Computers.Count)*100)
                        if ($temp -eq $Username){
                        write-host "$Username is logged on $Computer"
write-host "Search done!"

Open in new window

MichaelBalackAuthor Commented:
Thank for expert - BillBondo of suggesting using the given vbs, it works perfectly with all the logged on user name exposed.
Tim BoswellMessaging Systems EngineerCommented:
If you're the network admin, another quick and dirty approach which I tend to use is just to browse to \\computername\users, and sort the folder list by Last Modified Date. The most recently modified folder was the last person to log on. Note that this doesn't tell you whether or not they're currently logged on.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.