none
How to get Inactive Logged on users using powershell script RRS feed

  • Question

  • Hi Team, 

    Could you help me with a power shell cmdlet or script which gives Inactive Logged on Users. I want to collect the Inactive users time and log off them. 

    Please guide me here. 

    Thankful ........ 

    Friday, May 6, 2016 10:20 AM

Answers

  • As I understand the question, you want to find users that are currently logged on, but have been logged on for more than some specified amount of time without logging off. By inactive, I think you mean inactive session (actually, an active session, but an inactive user).

    One solution would be logon and logoff scripts configured in a Group Policy. Both scripts would log (append) information to a shared log file. The information would include date, time, computer name, user name, and whether logon or logoff. A script could then parse the log file and output sessions, including those where the user has not logged off yet. I actually developed VBScript logon/logoff scripts for a similar purpose years ago, linked here:

    http://www.rlmueller.net/Logon5.htm

    You could use scripts similar to logon5.vbs, logoff5.vbs, and ParseLogons.vbs linked on the page. However, you could also use simple batch files for the logon and logoff scripts, as long as the fields appended to the log file match what ParseLogons.vbs expects. For example, the logon batch file could be:

    @echo off
    echo Logon;%date% %time%;%computername% %username% >> \\MyServer\LogFile\Domain.log

    A similar script would be used for logoff, except it would echo "Logoff" instead of "Logon".

    Another option might be to use WMI to contact each computer and retrieve session information. I haven't done this in a long time, but I assume it is still possible. However, it could take a long time.

    I should note that Active Directory does not track who logs into which computer, or whether they have logged in but not logged off. The best AD has is the lastLogon attribute, and that is not replicated so a script would need to contact every DC in the domain to get the actual value. And of course that would not tell you if the user has subsequently logged off.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, May 6, 2016 2:28 PM
    Moderator
  • None of this tells if user is inactive.  Terminal services API keeps  track of inactive time but is not exposed to scripting..  Citrix has a class that can retrieve this.

    http://serverfault.com/questions/430189/how-to-read-terminal-services-manager-idle-time

    You can use QUERY USER /SERVER:system and parse the results.


    \_(ツ)_/

    Friday, May 6, 2016 3:32 PM

All replies

  • Get-ADUser -Filter {(LastLogonTimeStamp -lt [datetime]::Today.AddDays(-90)) -and (enabled -eq $true)} -Properties LastLogonTimeStamp | Select Name,lastLogonTimestamp |export-csv c:\a.csv -Notypeinformation




    Friday, May 6, 2016 10:44 AM
  • As I understand the question, you want to find users that are currently logged on, but have been logged on for more than some specified amount of time without logging off. By inactive, I think you mean inactive session (actually, an active session, but an inactive user).

    One solution would be logon and logoff scripts configured in a Group Policy. Both scripts would log (append) information to a shared log file. The information would include date, time, computer name, user name, and whether logon or logoff. A script could then parse the log file and output sessions, including those where the user has not logged off yet. I actually developed VBScript logon/logoff scripts for a similar purpose years ago, linked here:

    http://www.rlmueller.net/Logon5.htm

    You could use scripts similar to logon5.vbs, logoff5.vbs, and ParseLogons.vbs linked on the page. However, you could also use simple batch files for the logon and logoff scripts, as long as the fields appended to the log file match what ParseLogons.vbs expects. For example, the logon batch file could be:

    @echo off
    echo Logon;%date% %time%;%computername% %username% >> \\MyServer\LogFile\Domain.log

    A similar script would be used for logoff, except it would echo "Logoff" instead of "Logon".

    Another option might be to use WMI to contact each computer and retrieve session information. I haven't done this in a long time, but I assume it is still possible. However, it could take a long time.

    I should note that Active Directory does not track who logs into which computer, or whether they have logged in but not logged off. The best AD has is the lastLogon attribute, and that is not replicated so a script would need to contact every DC in the domain to get the actual value. And of course that would not tell you if the user has subsequently logged off.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, May 6, 2016 2:28 PM
    Moderator
  • None of this tells if user is inactive.  Terminal services API keeps  track of inactive time but is not exposed to scripting..  Citrix has a class that can retrieve this.

    http://serverfault.com/questions/430189/how-to-read-terminal-services-manager-idle-time

    You can use QUERY USER /SERVER:system and parse the results.


    \_(ツ)_/

    Friday, May 6, 2016 3:32 PM