?
Solved

How to check who is the user account that currently logged on the domain workstation?

Posted on 2016-11-09
6
Medium Priority
?
96 Views
Last Modified: 2016-11-10
This is using MS Windows Server 2008 R2 AD Domain. There are a few DC here. My boss want us to check who is the user currently logged on to a given domain PC. For example, a PC name netpc001, and we wanted to know who is the user for this pc. The fastest is to check who is the user currently logged on (or last accessed). btw, how to check?

Thanks in advance.
0
Comment
Question by:MichaelBalack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 

Expert Comment

by:Mohamed Nagy
ID: 41880286
by this command line:

WMIC /NODE: xxx.xxx.xxx.xxx COMPUTERSYSTEM GET USERNAME

where xxx.xxx.xxx.xxx is the IP of your device
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 41880290
Hi Mohamed,

Thank for your fast suggestion. I will try your method in a short while.
1
 
LVL 6

Expert Comment

by:Niten Kumar
ID: 41880340
Try the powershell script below.



# Applies to: Computers
#
# Description: This script searches for a specific, logged on user on all or 
# specific Computers by checking the process "explorer.exe" and its owner.
#
# ********************************************************************************

#Set variables
$progress = 0

#Get Admin Credentials
Function Get-Login {
Clear-Host
Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
$Global:Credential = Get-Credential
}
Get-Login

#Get Username to search for
Function Get-Username {
      Clear-Host
      $Global:Username = Read-Host "Enter username you want to search for"
      if ($Username -eq $null){
            Write-Host "Username cannot be blank, please re-enter username!"
            Get-Username
      }
      $UserCheck = Get-ADUser $Username
      if ($UserCheck -eq $null){
            Write-Host "Invalid username, please verify this is the logon id for the account!"
            Get-Username
      }
}
Get-Username

#Get Computername Prefix for large environments
Function Get-Prefix {
      Clear-Host
      $Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"
      Clear-Host
}
Get-Prefix

#Start search
$computers = Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix}
$CompCount = $Computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"

#Start main foreach loop, search processes on all computers
foreach ($comp in $computers){
      $Computer = $comp.Name
      $Reply = $null
        $Reply = test-connection $Computer -count 1 -quiet
        if($Reply -eq 'True'){
            if($Computer -eq $env:COMPUTERNAME){
                  #Get explorer.exe processes without credentials parameter if the query is executed on the localhost
                  $proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
            }
            else{
                  #Get explorer.exe processes with credentials for remote hosts
                  $proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
            }                  
                  #If $proc is empty return msg else search collection of processes for username
            if([string]::IsNullOrEmpty($proc)){
                  write-host "Failed to check $Computer!"
            }
            else{      
                  $progress++                  
                  ForEach ($p in $proc) {                        
                        $temp = ($p.GetOwner()).User
                        Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$Computers.Count)*100)
                        if ($temp -eq $Username){
                        write-host "$Username is logged on $Computer"
                        }
                  }
            }      
      }
}
write-host "Search done!"

Open in new window

0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 11

Accepted Solution

by:
BillBondo earned 2000 total points
ID: 41880671
Another option;

strComputer = "PC NAME, IP HERE"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")  
 
Set colComputer = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
 
For Each objComputer in colComputer
    Wscript.Echo "Logged-on user: " & objComputer.UserName
Next


Its a VBS script. Copy text above to notepad and save as *.vbs
Change pc name as needed and save, then run
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 41881853
Thank for expert - BillBondo of suggesting using the given vbs, it works perfectly with all the logged on user name exposed.
0
 
LVL 1

Expert Comment

by:Tim Boswell
ID: 41882014
If you're the network admin, another quick and dirty approach which I tend to use is just to browse to \\computername\users, and sort the folder list by Last Modified Date. The most recently modified folder was the last person to log on. Note that this doesn't tell you whether or not they're currently logged on.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question