Finding the list of users and machines in Active Directory

Hi guys, on a server 2012 standard DC, where can I locate the LoginLog$ directory that shows the list of users and machines with the login times etc.
It's enabled, just don't know where the file is located
Craig PaulsenSenior Systems EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yo_beeDirector of Information TechnologyCommented:
I personally never heard of LoginLog$ for keeping track of User and Computer.  The only spot I know where logins are recorded are in the Event Logs on the DC.  If you have the proper auditing enable on the DC (which should be by default)  then the login events are recorded in the event logs, but they are extremely hard to read without some parsing tools.


Here is a powershell script i found in a search https://gallery.technet.microsoft.com/scriptcenter/Get-All-AD-Users-Logon-9e721a89

The issue is that this data is not really stored together.  The script aggregates the security event logs and gather specific event and the details.
from there is looks like it does a DNS lookup for the computer name.  

You would need to create a logon script that will right this to a file.  Its not a difficult script to write if you want to give scripting a stab.
Lee W, MVPTechnology and Business Process AdvisorCommented:
Agreed - never heard of loginlog$ and a google search suggests no one else has either.  It could be something someone in your organization created to record the logins (The $ suggests it's a hidden share) but it's not something other people are going to know about without more information.
Shaun VermaakTechnical SpecialistCommented:
Probably something like this
echo on %date% at %time% user %username% logged into %computername% on %console% authorized by %logonserver%  >>\\someserver\loginlog$\login_logout.txt

Open in new window

Get a highly available system for cyber protection

The Acronis SDI Appliance is a new plug-n-play solution with pre-configured Acronis Software-Defined Infrastructure software that gives service providers and enterprises ready access to a fault-tolerant system, which combines universal storage and high-performance virtualization.

yo_beeDirector of Information TechnologyCommented:
@Shaun you have heard of this?
yo_beeDirector of Information TechnologyCommented:
@Craig

Where did you hear about this and if you have any links I think we are all curious. ?
Shaun VermaakTechnical SpecialistCommented:
Taking a stab at it
Craig PaulsenSenior Systems EngineerAuthor Commented:
thanks all for your responses, and apologies for only getting back to you all now,
Guess my explanation of what I'm wanting is poor, compared the other environment (User AD profile properties) and can confirm they have a login script configured that I suspect collects this info and stores it centrally "somewhere"
in turn, I would usually browse to this hidden share, search for a particular computer name, and it will display info like whose logged on etc, basically I just want the ability to input a computer name and for it display information about whose logged on, OS details, Serial no#,last boot time, system memory etc, user profile drive mapping. etc.......
yo_beeDirector of Information TechnologyCommented:
You will need to use WMI to do majority of the values you are looking for.  Here is the script that I use and I have it write to and MSSQL DB.

Here is an example of what I use:
'************************************************************************************
'*         XXXX Logon Script to collect Basic details								*
'*         Create by XXXXXXXXXXXXX XXXXXXXXXXXXX on 2/24/2010									*	
'*         Updated by XXXXXXXXXXXXX XXXXXXXXXXXXX on 4/6/2014									*
'*         recent updates: Collecting IP and MAC address     						*
'************************************************************************************

	on error resume next
	Const adOpenStatic = 3
	Const adLockOptimistic = 3
	Const adUseClient = 3
	' Set the WMI Time,ADODB Connection and Recordset Objects
	Set objSWbemDateTime = CreateObject("WbemScripting.SWbemDateTime")
	Set objConnection = CreateObject("ADODB.Connection")
	Set objRecordset = CreateObject("ADODB.Recordset")

	Dim StrComputerName, StrUser, strManufacturer, StrModel, StrSN, StrIP,StrMAC, IP

'************************************************************************************
'Data Collection																	*
'************************************************************************************
	'sets the WMI Object for all upcoming collections
	'This Object can reused for any Collection connection required
'************************************************************************************
	set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\." _
								&"\root\cimv2")
'************************************************************************************
	'Collects the basic Computer System information 
	'by connecting to the Win32_ComputerSystem Class
	'UserName,ComputerName of the User, Make and Model of the computer
'************************************************************************************
	 Set colSystems = objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")
		For Each objSystem In colSystems
			strComputerName = objSystem.name
			strModel = objsystem.Model
			strManufacturer = objsystem.Manufacturer
			If Not (ISNULL(objsystem.UserName)) then 
				strUser = Split(objsystem.UserName,"\")
				strUser(1) = UCase(Left(strUser(1),1))_
				& Trim(Mid(strUser(1),2,20))
			else
				Struser = split("\RDP-Session","\")
				strUser(1) = UCase(Left(strUser(1),1))_
				& Trim(Mid(strUser(1),2,20))
			End If
		next
'************************************************************************************
	'Collects the Computer's Serial Number by connecting to the Win32_Bios Class
'************************************************************************************
	Set colSMBIOS = objWMIService.ExecQuery _
		("Select * from Win32_bios")
	For Each objSMBIOS in colSMBIOS
		strSN = objSMBIOS.SerialNumber
    Next
'************************************************************************************
	'Collects the Computers IP and MAC address by connecting to the 
	'Win32_NetworkAdapterConfiguration.  
	'If the IP-Address does not have 192. in the beginning then 
	'nothing is recorded for the item 
	'If the item has 192. in the beginning then the item is recorded
	'as well as the MAC
'************************************************************************************
	Set ColIP =objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'")
			
		For Each IPConfig in Colip
				If Not IsNull(IPConfig.IPAddress)  Then 
					For i = lbound(IPConfig.IPAddress) to ubound(IPConfig.IPAddress) 
							IP = IPConfig.IPAddress(i)
						
					If instr(ip,"192.")  then
						If i = 0 then
							 
							Strip = ip
							StrMAC = IPConfig.MacAddress 
							
						else
							Strip = Strip & ", " & ip 
								If StrMAC <> IPConfig.MacAddress then
									StrMac = StrMac & ", " & IPConfig.MacAddress
								end if		
						End if
					end if
					next
				End If
		Next

			
	'
'************************************************************************************
	'This will collect the logon session time
	'It is not needed for this script, but it was left here for
	'future possibilities. 
	'It was originally put in the script to create a unique ID for the 
	'for the record being created by creating a string yyyymmddhhMMSS
'************************************************************************************
	Set ColLogon = objwmiservice.execquery("Select * from Win32_LogonSession Where LogonType = 2")

		For Each objLogon in ColLogon
			strDate = WMIDateStringToDate(objlogon.StartTime)
			strTime = WMIDateStringTotime(objlogon.StartTime)
			objSWbemDateTime.value = Objlogon.starttime
			vtdLogonTime = objSWbemDateTime.GetVarDate(true)
			StrDateDiff = DATEDIFF("s", vtdLogonTime ,now)
			
		Next

	StrID= year(vtdLogonTime) & month(vtdLogonTime) & day(vtdLogonTime) & Hour(vtdLogonTime) & Minute(vtdLogonTime) & Second(vtdLogonTime)


'************************************************************************************
'*			            Connection to the Datadase									*
'************************************************************************************
'************************************************************************************
	'Creates the ADODB Connection string 
'************************************************************************************
	strConnect = "Provider = SQLOLEDB.1;Data Source=XXXXSQL04;Initial Catalog=Inventory;User ID='sa';Password='***********'"
'************************************************************************************
	'Connects to the Database using the ADODB.connection object created earlier
'************************************************************************************	
	objConnection.Open strConnect
'************************************************************************************
	'This is the part the records the new records to the database
	'There is an IF Than Statement that is currently still in the 
	'script to challenge the computer name and if it does not match
	'XXXXcitrix the script continues to record else the script is 
	'ended.
	'At the end of the script the recordset and connection is
	'closed
'************************************************************************************
		

	objRecordset.CursorLocation = adUseClient
	objRecordset.Open "SELECT * FROM Table1_1" , objConnection, _
		adOpenStatic, adLockOptimistic
		
		objRecordset.AddNew
		objRecordset("ID") = strID
		objRecordset("ComputerName")= StrComputerName
		objRecordset("UserName")= StrUser(1)
		objRecordset("ComputerManufacturer")= strManufacturer
		objRecordset("ComputerModel")= strModel
		objRecordset("ComputerSN")= strSN
		objrecordset("Recorddate") = now
		objrecordset("IPAddress") = StrIP
		Objrecordset("macaddress") = StrMac
		
		objRecordset.Update
		
		
	objRecordset.Close
	objConnection.Close
'************************************************************************************

'************************************************************************************
'*								Function											*
'************************************************************************************
	'This function is to convert WMI DateTime to a standard readable US Date format
	' mm/dd/yyyy
	Function WMIDateStringToDate(dtmInstallDate)

	 WMIDateStringToDate = CDate(Mid(dtmInstallDate, 5, 2) & "/" & _
	 Mid(dtmInstallDate, 7, 2) & "/" & Left(dtmInstallDate, 4))
	End Function
'************************************************************************************
	'This function is to convert WMI DateTime to a standard readable US Time Format
	' hh:MM:ss
'************************************************************************************
	Function WMIDateStringTotime(dtmInstallDate)

	 WMIDateStringTotime = CDate(Mid(dtmInstallDate, 9, 2) & ":" & _
	 Mid(dtmInstallDate, 11, 2) & ":" & Mid(dtmInstallDate,13, 2))

	End Function
'************************************************************************************

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Craig PaulsenSenior Systems EngineerAuthor Commented:
thanks all again, you were all right, this is something set up via a login script awhile ago by the previous admin.
yo_beeDirector of Information TechnologyCommented:
Craig,

Did you use my solution?  If not I would see if you can get the points spread evenly across all the contributors?
Craig PaulsenSenior Systems EngineerAuthor Commented:
no I didn't user your script, I need to adapt it at some point to work in our environment, might look at this in the weeks to come. No pressing need for it just yet.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.