none
如何在使用PowerShell脚本或者VBS脚本,查看域内正在登录的域用户名、主机名和主机IP地址 RRS feed

  • 问题

  • 域管理员希望能通过PowerShell或者VBS脚本,查看当前域内正在登录的账号名称、客户端主机名称和客户端主机IP地址。以前看过论坛中的一个帖子是说通过VBS脚本来查看,但是只能看到主机名和登录账号名,但我不知道如何变更脚本代码,把IP地址也显示出来(代码如下)。

    ' Script for getting current logged user name on Domain
    ' Author : mwpq
    ' www.sharecenter.net
    strDomainName = InputBox ("Please enter the internal Domain Name:","Script for getting current logged username","yourdomain.local")
    arrDomLevels = Split(strDomainName, ".")
    strADsPath = "dc=" & Join(arrDomLevels, ",dc=")

    Const ADS_SCOPE_SUBTREE = 2
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand =   CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"'
    Set objCOmmand.ActiveConnection = objConnection
    objCommand.CommandText = _
       "Select Name, Location from 'LDAP://"&strADsPath&"' " _
          & "Where objectClass='computer'" 
    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    Set objRecordSet = objCommand.Execute
    objRecordSet.MoveFirst
    Set oFSO = CreateObject("Scripting.FileSystemObject")
    Set of = oFSO.CreateTextFile("LoggedUser.txt", True, True)
    Do Until objRecordSet.EOF
       On Error Resume Next
       sPC = objRecordSet.Fields("Name").Value
        of.writeline " "
     of.writeline "Machine Name: "&sPC
     
     Set objWMILocator = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & sPC & "\root\cimv2")
       
        If Err = 0 Then
           
     Set col =  objWMILocator.ExecQuery _
        ("Select * from win32_computersystem")
     
     For Each item In col
     
      
      of.writeline  "Logged User: "&item.username
      
     Next
     Set col = Nothing
     Else
     of.writeline "!!! Cant connect to "&sPC&" !!!"
     
     End If
    objRecordSet.MoveNext
    Loop
    of.close
    MsgBox "Done! Cheers!"


    2016年9月8日 2:48

答案

  • 你好 Tiger,

    这是我之前写的一个相关PS 脚本你看看能否帮到你,如果有帮助的话,麻烦mark下如果没有请在这里反馈下我会提供进一步协助。

    $explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue)
    if ($explorerprocesses.Count -eq 0)
    {
        "No explorer process found / Nobody interactively logged on"
    } else {
        foreach ($i in $explorerprocesses)
        {
            $Username = $i.GetOwner().User
            $Domain = $i.GetOwner().Domain
            $pscomputername = (gwmi win32_networkadapterconfiguration -Filter 'index=10').pscomputername
            if($pscomputername -eq $i.PSComputerName)
            {
                $ipaddress = gwmi win32_networkadapterconfiguration -Filter 'index=10' | select -Property ipaddress
            }
            $Domain + "\" + $Username +" "+"ip&mac:"+$ipaddress.ipaddress+ " logged on $($i.PSComputerName) since: " + ($i.ConvertToDateTime($i.CreationDate))
        }
    }

    另外,以后你可以在PowerShell论坛发表相关PS帖子。

    地址:https://social.technet.microsoft.com/Forums/office/zh-CN/home?forum=winserverpowershell&filter=alllanguages

    Best regards,

    Andy_Pan


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2016年9月8日 6:50

全部回复

  • 你好 Tiger,

    这是我之前写的一个相关PS 脚本你看看能否帮到你,如果有帮助的话,麻烦mark下如果没有请在这里反馈下我会提供进一步协助。

    $explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue)
    if ($explorerprocesses.Count -eq 0)
    {
        "No explorer process found / Nobody interactively logged on"
    } else {
        foreach ($i in $explorerprocesses)
        {
            $Username = $i.GetOwner().User
            $Domain = $i.GetOwner().Domain
            $pscomputername = (gwmi win32_networkadapterconfiguration -Filter 'index=10').pscomputername
            if($pscomputername -eq $i.PSComputerName)
            {
                $ipaddress = gwmi win32_networkadapterconfiguration -Filter 'index=10' | select -Property ipaddress
            }
            $Domain + "\" + $Username +" "+"ip&mac:"+$ipaddress.ipaddress+ " logged on $($i.PSComputerName) since: " + ($i.ConvertToDateTime($i.CreationDate))
        }
    }

    另外,以后你可以在PowerShell论坛发表相关PS帖子。

    地址:https://social.technet.microsoft.com/Forums/office/zh-CN/home?forum=winserverpowershell&filter=alllanguages

    Best regards,

    Andy_Pan


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2016年9月8日 6:50
  • 您好!

    由于该帖长时间未有响应。我们将把之前的回复标记为答复。如果您需要我们的继续协助,您可以随时在该帖下回复,同时您可以根据实际情况取消作为答复。

    感谢您的理解与支持。

    Best Regards,

    Andy


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2016年9月29日 7:43