How to find an ip address associated with AD username

Is there a way on a windows server (2012 or 2008) to see the username associated with a dynamic ip address?  Or maybe a sofware that can do this?
mkramer777Asked:
Who is Participating?
 
Travis MartinezSmoke JumperCommented:
There is a PowerShell script that will find the DNS name the user is logged into.  The reference is here:

https://social.technet.microsoft.com/Forums/ie/en-US/d69d41c4-a3df-4472-ade0-f51ec2e2a2e0/powershell-find-computers-that-a-specific-us-is-logged-on?forum=winservergen

The code I've used to test with is:

# ********************************************************************************
#
# Script Name: QueryUsersForLastLogon.ps1
# Version: 1.0
# Author: CRA
# Date: 13.01.15
# Location: 
# Applies to: Computers
#
# Description: This script searches for a specific, logged on user on all or 
# specific Computers by checking the process "explorer.exe" and its owner.
#
# ********************************************************************************

#Set variables
$progress = 0

#Get Admin Credentials
Function Get-Login {
Clear-Host
Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
$Global:Credential = Get-Credential
}
Get-Login

#Get Username to search for
Function Get-Username {
	Clear-Host
	$Global:Username = Read-Host "Enter username you want to search for"
	if ($Username -eq $null){
		Write-Host "Username cannot be blank, please re-enter username!"
		Get-Username
	}
	$UserCheck = Get-ADUser $Username
	if ($UserCheck -eq $null){
		Write-Host "Invalid username, please verify this is the logon id for the account!"
		Get-Username
	}
}
Get-Username

#Get Computername Prefix for large environments
Function Get-Prefix {
	Clear-Host
	$Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"
	Clear-Host
}
Get-Prefix

#Start search
$computers = Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix}
$CompCount = $Computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"

#Start main foreach loop, search processes on all computers
foreach ($comp in $computers){
	$Computer = $comp.Name
	$Reply = $null
  	$Reply = test-connection $Computer -count 1 -quiet
  	if($Reply -eq 'True'){
		if($Computer -eq $env:COMPUTERNAME){
			#Get explorer.exe processes without credentials parameter if the query is executed on the localhost
			$proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
		}
		else{
			#Get explorer.exe processes with credentials for remote hosts
			$proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
		}			
			#If $proc is empty return msg else search collection of processes for username
		if([string]::IsNullOrEmpty($proc)){
			write-host "Failed to check $Computer!"
		}
		else{	
			$progress++			
			ForEach ($p in $proc) {				
				$temp = ($p.GetOwner()).User
				Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$Computers.Count)*100)
				if ($temp -eq $Username){
				write-host "$Username is logged on $Computer"
				}
			}
		}	
	}
}
write-host "Search done!"

Open in new window

0
 
Joseph HornseyPresident and JanitorCommented:
You can go into DHCP and look at the reservations and see the computer that has the IP address.  That's pretty much it.

DHCP is associated with the computer, not the user.

You might be able to track down the user logon by searching the Security log in Event Viewer using that computer name or the IP address in the filter.
0
 
Bryant SchaperCommented:
we wrote a login script back in the day to log it to a text file, you could also look at AD Audit from ManageEngine for a package solution.  Lastly you can scan for the login event on the domain controller for that user.  Not sure of the event code off the top of my head but google knows.
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
You can use the first part of my article to get the username added to the computer description which you can then compare to the IP address via the hostname
https://www.experts-exchange.com/articles/30891/Automated-object-placement-using-AutoAD.html
0
 
Rob WilliamsCommented:
Lots of options :-)
nbtstat  -A  IPadress   (such as nbtstat  -a  192.168.123.123)  will return the PC name.
You can then run Systernals (now Microsoft) free PSLoggedOn to see who is logged into that machine.  I believe you can even run using the IP so you don't have to use nbtstat
psloggedon  \\192.168.123.123
https://docs.microsoft.com/en-us/sysinternals/downloads/psloggedon
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.