How to find AD user Login details

    Question

  • I have Active Directory configured in Windows Server 2012 R2. I want to collect logs of a particular user or multiple users. The logs must show the login time, logout time, system operating system, IP address etc. How can I do it?
    Monday, March 27, 2017 8:46 AM

All replies

  • Event log should help you to collect such information.

    You can follow this article https://community.spiceworks.com/how_to/130398-how-to-track-user-logon-sessions-using-event-log which covers the required steps to track user logon sessions using the event log.

    Here is another resource http://www.lepide.com/blog/audit-successful-logon-logoff-and-failed-logons-in-activedirectory/ to audit user logon/logoff and failed logon attempts in Active Directory.

    Monday, March 27, 2017 9:21 AM
  • Hi

    You can configure a logon script for all users and apply it. Follow the steps in this article:

    https://blog.thesysadmins.co.uk/active-directory-user-logon-time-and-date-2.html


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    • Proposed as answer by VenkatSP Tuesday, March 28, 2017 2:31 PM
    Monday, March 27, 2017 9:25 AM
  • Hi,
    As far as I know, login time and logout time can be obtained by enabling the audit policy: https://support.microsoft.com/en-us/help/556015
    However, operating system and IP address are not stored in AD; maybe you could try looking at the DHCP or DNS manager. Based on my knowledge, DNS Manager should have a list of computer names and what IP address they have been assigned.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 28, 2017 5:59 AM
    Moderator
  • If it helps, I wrote VBScript logon and logoff scripts years ago that append date, time, user name, and computer name to a shared log file:

    http://www.rlmueller.net/Logon5.htm

    The logon script also appended the client IP address to the log file. Another script linked on the page parses the log files for logon sessions, defined as the combination of a user and a computer, and calculates how long the user was logged on. For operating system, you would retrieve the DN of the local computer from the ADSystemInfo object, bind to the computer object in AD, and retrieve the value of the operatingSystem attribute. If memory serves me, similar to below in VBScript:

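    ' ADSystemInfo is instantiated with CreateObject; it exposes the local computer's DN
    Set objSysInfo = CreateObject("ADSystemInfo")
    strComputerDN = objSysInfo.ComputerName
    ' Bind to the computer object in AD and read its operatingSystem attribute
    Set objComputer = GetObject("LDAP://" & strComputerDN)
    strOS = objComputer.operatingSystem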
    

    Similar can be done using PowerShell.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Proposed as answer by Nedim Mehic Tuesday, March 28, 2017 1:36 PM
    Tuesday, March 28, 2017 1:27 PM
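
An added example, not part of any reply in this thread: the event-log approach suggested above, pairing Security log logon events (ID 4624) with logoff events (ID 4634) to get login time, logout time and source IP per user. The function names are hypothetical and the sample records are constructed; the operating system is not in these events and would still come from the computer object's operatingSystem attribute.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Live use needs logon/logoff auditing enabled and read access to the Security log.

function ConvertFrom-LogonEvent {
    # Flatten a Security event record (4624 logon / 4634 logoff) into plain fields.
    param([Parameter(ValueFromPipeline = $true)] $EventRecord)
    process {
        $data = @{}
        foreach ($d in ([xml]$EventRecord.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Id        = $EventRecord.Id
            Time      = $EventRecord.TimeCreated
            Computer  = $EventRecord.MachineName
            User      = $data['TargetUserName']
            LogonId   = $data['TargetLogonId']
            LogonType = $data['LogonType']
            IpAddress = $data['IpAddress']
        }
    }
}

function Get-LogonSession {
    # Pair each logon with the logoff that has the same logon ID on the same computer.
    param([object[]] $Record, [string[]] $User)
    $logoff = @{}
    foreach ($r in $Record) {
        if ($r.Id -eq 4634) { $logoff["$($r.Computer)|$($r.LogonId)"] = $r.Time }
    }
    $Record | Where-Object { $_.Id -eq 4624 -and $User -contains $_.User } |
        Sort-Object Time | ForEach-Object {
            [pscustomobject]@{
                User       = $_.User;      Computer  = $_.Computer
                IpAddress  = $_.IpAddress; LogonType = $_.LogonType
                LogonTime  = $_.Time
                LogoffTime = $logoff["$($_.Computer)|$($_.LogonId)"]  # $null: no logoff recorded
            }
        }
}

# Constructed sample records (not real log data) so the pairing runs offline.
$sample = @(
    [pscustomobject]@{ Id = 4624; Time = [datetime]'2017-03-27T08:46:00'; Computer = 'PC01'; User = 'jdoe'; LogonId = '0x5a1f3'; LogonType = '2'; IpAddress = '192.0.2.15' }
    [pscustomobject]@{ Id = 4634; Time = [datetime]'2017-03-27T17:02:00'; Computer = 'PC01'; User = 'jdoe'; LogonId = '0x5a1f3'; LogonType = '2'; IpAddress = $null }
    [pscustomobject]@{ Id = 4624; Time = [datetime]'2017-03-28T09:01:00'; Computer = 'PC01'; User = 'jdoe'; LogonId = '0x7c220'; LogonType = '10'; IpAddress = '192.0.2.40' }
)
Get-LogonSession -Record $sample -User 'jdoe' | Format-Table -AutoSize
# Live use on the machine that holds the events:
# $ev = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4634 } | ConvertFrom-LogonEvent
# Get-LogonSession -Record $ev -User 'jdoe', 'asmith'
```

In the sample, the second logon has no matching logoff, so its LogoffTime is empty; sessions that end without a recorded logoff event appear the same way in live data.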
  • Hi,

    Just checking in to see if the information provided was helpful. If the replies above are helpful, we would appreciate it if you would mark them as answers. Please let us know if you would like further assistance.

    Best Regards,

    Wendy



    Friday, March 31, 2017 9:15 AM
    Moderator