Script or program to see who is logged in where in the complete domain

I am in search of a script or (free) program which can tell me who is logged in in one of our systems in the domain. i see a lot of scripts that can tell me for just one system but i want to see it for all systems so i can see if a user is still logged in somewhere
Lennart GiaccottoAdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:
How many systems? Something that can say who is logged on everywhere is almost always a problem of scale. If you have 30 computers, it's easy. If you have 5000, the burden of checking is a bit daft.
0
Chris DentPowerShell DeveloperCommented:
Oh and I used to use this, long ago, for a mid-size (500 to 1000 systems) domain to give me an overview:

http://blogs.msmvps.com/kwsupport/2005/02/24/lazy-mans-way-to-track-user-logonlogoff/

It has some limitations, it doesn't trigger when a user is connected via a VPN client for example. A lot depends on the size and nature of your domain.
0
Lennart GiaccottoAdministratorAuthor Commented:
Thanks for the comment Chris. We are talking about +/- 200 systems. What is am looking for is a program or script who tells me who is logged on at this right moment. We already have auditing which tells me when someone logged in or logged of. i need something like
query user /server:$SERVER

Open in new window

but for all domain members at once without me having to give up the names of the domain members
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

Chris DentPowerShell DeveloperCommented:
200... it won't be amazingly fast, this makes the request of 50 computers at once. Once they've all finished you'll get a list (from the Receive-Job line).

The list of computers is pulled from Active Directory. It'll include servers at the moment, you might want a better filter.
$threadLimit = 50

Get-ADComputer -Filter { Enabled -eq $true } | ForEach-Object {
    while ((Get-Job -State Running | Measure-Object).Count -ge $threadLimit) {
        Start-Sleep -Seconds 5
    }
    $null = Start-Job -ArgumentList $_.Name -ScriptBlock {
        Get-CimInstance Win32_ComputerSystem -ComputerName $args[0] -Property Name, UserName
    }
}

Get-Job | Wait-Job | Receive-Job | Select-Object Name, UserName
# Tidy up
Get-Job | Remove-Job

Open in new window

1
Ajit SinghCommented:
Powershell script to see currently logged in users (domain and machine) + status (active, idle, away):
http://stackoverflow.com/questions/23219718/powershell-script-to-see-currently-logged-in-users-domain-and-machine-status

How to track user logon sessions using event log:
https://community.spiceworks.com/how_to/130398-how-to-track-user-logon-sessions-using-event-log

Track users logon events across the company domain:
https://community.spiceworks.com/how_to/2809-track-users-logon-events-across-the-company-domain

Hope this helps!
0
Lennart GiaccottoAdministratorAuthor Commented:
Hi Kevin, Thank you for your post. I already looked at this one. The function sounds promising but when i run it i get no output at all.

@crhis: Thanks for the Script. It seems to work :-). The output is a bit cloudy though. Is it possieble to save the output to a txt file so i can search it and maybe to not show the errors?
WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer <COMPUTERNAME>. Verify that the computer exists on the network and that the name provided is spelled correct
ly.
0
Chris DentPowerShell DeveloperCommented:
Upgraded the error handling. It should tell you if something isn't around now. Added two output options (gridview and file).
$threadLimit = 50

Get-ADComputer -Filter { Enabled -eq $true } | ForEach-Object {
    while ((Get-Job -State Running | Measure-Object).Count -ge $threadLimit) {
        Start-Sleep -Seconds 5
    }
    $null = Start-Job -ArgumentList $_.Name -ScriptBlock {
        try {
            Get-CimInstance Win32_ComputerSystem -ComputerName $args[0] -Property Name, UserName -ErrorAction Stop |
                Add-Member State 'OK' -PassThru
        } catch {
            [PSCustomObject]@{
                Name     = $_.Name
                UserName = ''
                State    = 'Failed ({0})' -f $_.Exception.Message.Trim()
            }
        }
    }
}

# Variable assignment to show different output options
$report = Get-Job | Wait-Job | Receive-Job | Select-Object Name, UserName
# Tidy up
Get-Job | Remove-Job

# GridView
$report | Out-GridView
# File
$report | Export-Csv ComputersAndUsers.csv -NoTypeInformation

Open in new window

1
Lennart GiaccottoAdministratorAuthor Commented:
Powershell on my server seems to crash when i up the limit to 250.
0
Chris DentPowerShell DeveloperCommented:
The thread limit? I'm not surprised, I put it at 50 for a reason :) That's just the number of concurrent requests, it's not the number of machines it'll query in total. It's quite easy to ruin a system by running too many things at once.

I imagine it'll recover, even if it's running 250 simultaneous threads, no fun until it does though.
0
Lennart GiaccottoAdministratorAuthor Commented:
Ah, that explains a lot :-). Now for the last question. This script seems to only display the username who has executed it. how can i let it search for either all users that are logged in or just a specific one?
0
Chris DentPowerShell DeveloperCommented:
The should show the name of the user logged into the PC using the interactive session. If you want users across all sessions things become a little more complex (that's when you need what quser is doing). Is that what you're looking for?
0
Lennart GiaccottoAdministratorAuthor Commented:
I need to see all users accross the complete domain that are currently logged on. also when the session is disconnected
0
Chris DentPowerShell DeveloperCommented:
Okay, no problem. One sec.
0
Chris DentPowerShell DeveloperCommented:
Let's see how this does.
$threadLimit = 50
$regex = '^ *(?<Interactive>\>)?(?<User>\S+) +(?:(?<Session>\S+) +)?(?<ID>\d+) +(?<SessionState>\S+) +(?<IdleTime>\S+) +(?<LogonTime>\S+ \S+)$'

Get-ADComputer -Filter { Enabled -eq $true } | ForEach-Object {
    $computerName = $_.Name

    while ((Get-Job -State Running | Measure-Object).Count -ge $threadLimit) {
        Start-Sleep -Seconds 5
    }
    $null = Start-Job -ArgumentList $computerName, $regex -ScriptBlock {
        param(
            $ComputerName,

            $Regex
        )

        $output = query user /server:$ComputerName 2>&1
        if ($null -ne $output -and $output[1] -is [System.Management.Automation.ErrorRecord]) {
            $_ | Select-Object Name, User, Interactive, Session, ID, SessionState, IdleTime, LogonTime,
                @{n='State';e={
                    'Failed ({0})' -f $output[1].Exception.Message.Trim()
                }}
        } elseif ($null -ne $output) {
            $output | Where-Object { $_ -match $regex } | ForEach-Object {
                [PSCustomObject]@{
                    Name         = $ComputerName
                    User         = $matches.User
                    Interactive  = [Boolean]$matches.Interactive
                    Session      = $matches.Session
                    ID           = $matches.ID
                    SessionState = $matches.SessionState
                    IdleTime     = $matches.IdleTime
                    LogonTime    = Get-Date $matches.LogonTime
                    State        = 'OK'
                }
            }
        }
    }
}

# Variable assignment to show different output options
$report = Get-Job | Wait-Job | Receive-Job | Select-Object * -ExcludeProperty RunspaceId
# Tidy up
Get-Job | Remove-Job

# GridView
$report | Out-GridView
# File
$report | Export-Csv ComputersAndUsers.csv -NoTypeInformation

Open in new window

To search it the output needs to be filtered, searching doesn't really affect what it must do before that. A filter might be like:
$report | Where-Object User  -eq 'someone'

Open in new window

Or:
$report | Where-Object { $_.User -eq 'soemone' -and $_.SessionState -ne 'Active' }

Open in new window

1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lennart GiaccottoAdministratorAuthor Commented:
Yes! This works beautiful! It gives me a complete list of users logged in anywhere in the domain! Thank you!
0
Lennart GiaccottoAdministratorAuthor Commented:
This Script does exactly what i ask. it shows me every user that is logged in somwhere within the domain
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.