none
Users login and workstation details in AD

    Question

  • Hi,

    I would like to know that is there any option to find that which user is logged in/using which machine in AD domain?. Its basically to identify and map the users login with respect to machine. I believe  that this was possible in WIndows NT environemnt through tools but not recollecting the details and also not able to find anything in Windows 2003/2008n AD anvironment.

    Kindly suggest for any possible solution and if tools required.


    Regards:Mahesh

    Monday, March 19, 2012 5:07 AM

Answers

  • Simple Method is to login to any of your server and go to my computer-manage-system tools-shared folders-sessions ( It's limitation is, only it displays few of the records). It will give you the IP address , User login ID, Computer name.

    Or you can use below link from which you can download the software and try to get the records.

    http://www.logicdevelopment.net/adloggedin/

    Note- Please test this tool in Lab environment before you can proceed with Production.

    Or you can use scripts to accomplish this.

    Follow Below links which includes the script

    http://community.spiceworks.com/scripts/show/878-find-out-who-is-logged-on-to-a-computer

    Monitor who log in and log off without a software.

    http://community.spiceworks.com/how_to/show/82

    Or you can use group policy to accomplish this.

    http://itknowledgeexchange.techtarget.com/itanswers/which-domain-user-has-logged-onto-which-machine/

    If you have sccm in your enviornment then it will easy to pull out the records of which user logged into which computer.(This is good practice).

    Follow Below Thread.

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/4cde1a2b-eb0e-458c-b494-0b4b123db3a8/

    Hope this information helps you.

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:47 AM
    Monday, March 19, 2012 5:42 AM
  • Machine login information is not stored in the AD,s o you won't be able to exact which user from which PC is login to the DC. You can limit the user logon to specific PC using ADUC. Open ADUC> Right click user> properties>Account tab> LogOnTo> Select the computer you want use to login.

    There is a tool called limitlogon but i don't think it works wit windows 2008 and above. You can also use below script

    @echo off
    echo Logon %date% %time% %UserName% %ComputerName% >> \\ServerName\LogonShare\Logon.log

    https://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:46 AM
    Monday, March 19, 2012 9:25 AM
  • Hello,

    I would agree with Awinish.

    I just want to add some updates to the script so that it becomes more readable with Excel.

    The steps are:

    • Create a Shared folder on a server: Let's suppose that its name is Server1
    • Give right NTFS and share permissions on this share
    • Create a new Batch file with the following command: echo %username% ; %computername% ; %date% ; %time% >> \\Server1\Share\logons.csv
    • Add the Batch file as a logon script

    The output is a CSV file named logons.csv which displays the needed information in separate columns with the use of Excel.



    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:46 AM
    Monday, March 19, 2012 10:00 AM
  • As others mentioned here, there is no user->machine mapping information in AD.  Workstation information can be dynamic and it gets updated all the time.  Other option is to check the use profile updated date using the script.  Here is an example - http://portal.sivarajan.com/2010/07/user-profile-and-os-info-powershell.html

    What are you trying to accomplish?  If your goal is enforce a login restriction you can use this script - http://portal.sivarajan.com/2011/05/modify-log-on-to-userworkstations-user.html


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:46 AM
    Monday, March 19, 2012 1:59 PM
  • As Mr. X noted, a logon script as simple as the following will create a log file you can use to check who was (or is) logged into each computer:

    @echo off
    echo %date% %time% Logon %UserName% %ComputerName% >> \\MyServer\MyShare\LogTimes.log

    -----

    For similar purposes, I have logon and logoff VBScript programs (to be specified as logon and logoff scripts in a GPO) linked here, which create a log file documenting both logons and logoffs:

    http://www.rlmueller.net/Logon5.htm

    There are also Startup and Shutdown scripts linked on the page, if that helps. I also link VBScript programs on the page to parse the log file for user logon sessions or computer sessions.


    Richard Mueller - MVP Directory Services

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:46 AM
    Monday, March 19, 2012 3:24 PM

All replies

  • Simple Method is to login to any of your server and go to my computer-manage-system tools-shared folders-sessions ( It's limitation is, only it displays few of the records). It will give you the IP address , User login ID, Computer name.

    Or you can use below link from which you can download the software and try to get the records.

    http://www.logicdevelopment.net/adloggedin/

    Note- Please test this tool in Lab environment before you can proceed with Production.

    Or you can use scripts to accomplish this.

    Follow Below links which includes the script

    http://community.spiceworks.com/scripts/show/878-find-out-who-is-logged-on-to-a-computer

    Monitor who log in and log off without a software.

    http://community.spiceworks.com/how_to/show/82

    Or you can use group policy to accomplish this.

    http://itknowledgeexchange.techtarget.com/itanswers/which-domain-user-has-logged-onto-which-machine/

    If you have sccm in your enviornment then it will easy to pull out the records of which user logged into which computer.(This is good practice).

    Follow Below Thread.

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/4cde1a2b-eb0e-458c-b494-0b4b123db3a8/

    Hope this information helps you.

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:47 AM
    Monday, March 19, 2012 5:42 AM
  • Hi

    Thanks for the details.

    Getting the information from shared folder is not feasible since it will not fetch the user details if user is not accessing the shared folder.

    I found one good script but it provides the details of user who logged in specific computer.

    http://community.spiceworks.com/scripts/show/878-find-out-who-is-logged-on-to-a-computer

    It will be great if we can findsomethig to fetch all user details or site specific user details who logged in to their desktop/laptop.


    Regards:Mahesh

    Monday, March 19, 2012 8:24 AM
  • Machine login information is not stored in the AD,s o you won't be able to exact which user from which PC is login to the DC. You can limit the user logon to specific PC using ADUC. Open ADUC> Right click user> properties>Account tab> LogOnTo> Select the computer you want use to login.

    There is a tool called limitlogon but i don't think it works wit windows 2008 and above. You can also use below script

    @echo off
    echo Logon %date% %time% %UserName% %ComputerName% >> \\ServerName\LogonShare\Logon.log

    https://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:46 AM
    Monday, March 19, 2012 9:25 AM
  • Hello,

    I would agree with Awinish.

    I just want to add some updates to the script so that it becomes more readable with Excel.

    The steps are:

    • Create a Shared folder on a server: Let's suppose that its name is Server1
    • Give right NTFS and share permissions on this share
    • Create a new Batch file with the following command: echo %username% ; %computername% ; %date% ; %time% >> \\Server1\Share\logons.csv
    • Add the Batch file as a logon script

    The output is a CSV file named logons.csv which displays the needed information in separate columns with the use of Excel.



    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:46 AM
    Monday, March 19, 2012 10:00 AM
  • As others mentioned here, there is no user->machine mapping information in AD.  Workstation information can be dynamic and it gets updated all the time.  Other option is to check the use profile updated date using the script.  Here is an example - http://portal.sivarajan.com/2010/07/user-profile-and-os-info-powershell.html

    What are you trying to accomplish?  If your goal is enforce a login restriction you can use this script - http://portal.sivarajan.com/2011/05/modify-log-on-to-userworkstations-user.html


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:46 AM
    Monday, March 19, 2012 1:59 PM
  • As Mr. X noted, a logon script as simple as the following will create a log file you can use to check who was (or is) logged into each computer:

    @echo off
    echo %date% %time% Logon %UserName% %ComputerName% >> \\MyServer\MyShare\LogTimes.log

    -----

    For similar purposes, I have logon and logoff VBScript programs (to be specified as logon and logoff scripts in a GPO) linked here, which create a log file documenting both logons and logoffs:

    http://www.rlmueller.net/Logon5.htm

    There are also Startup and Shutdown scripts linked on the page, if that helps. I also link VBScript programs on the page to parse the log file for user logon sessions or computer sessions.


    Richard Mueller - MVP Directory Services

    • Marked as answer by A.Mahesh Tuesday, March 20, 2012 4:46 AM
    Monday, March 19, 2012 3:24 PM
  • Hi,

    You could try using PStools. Please refer the link below:

    http://technet.microsoft.com/en-us/sysinternals/bb896649

    Thanks,

    Prosper.

    Monday, March 19, 2012 3:46 PM