I was wondering if it was possible to see a particular logged-in domain user's IP address(es). I've done it in eDirectory, and I'm fairly sure you can't do it in early versions of Windows Server, but I heard it was possible in Server 2008. Ideally I'd like an LDAP query.
2 Answers
If you audit logins on domain controllers then you could dig the IP out of the Event Logs on the individual DCs. But it's not in AD.

After we migrated from eDirectory to AD we struggled with this one. Each DC individually tracks the last address a user logged in from, but it isn't a replicated value. To get it you'll have to query every DC to get the list. I don't remember the attribute off the top of my head, unfortunately; I'll have to look it up. It didn't turn out nearly as useful as NetworkAddress was in eDir. Edit: I was wrong, what I was thinking of was the 'last login time' attribute. The network address is NOT stored in AD.
Currently we've punted on this one and given up on LDAP. I wrote a PowerShell script that parses the Security logs for login/logout/lockout events and populates the values into a database. LastLogin is tracked as part of this. Unlike NetworkAddress, this also gives a login history for the user, which is very handy.

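A sketch of the log-parsing approach both answers describe, added here as an example (it is not the script mentioned in the answer above, and it leaves out the database step). It assumes the Server 2008+ Security event IDs 4624 (logon), 4634 (logoff) and 4740 (lockout); the function name, host names, user name and addresses are constructed for illustration.

```powershell
# Added example, not the answer author's script. Sample events are constructed:
# trimmed Security-log XML in the shape returned by (Get-WinEvent ...).ToXml().
$ns = 'xmlns="http://schemas.microsoft.com/win/2004/08/events/event"'
$sampleEvents = @(
    "<Event $ns><System><EventID>4624</EventID><TimeCreated SystemTime='2024-01-15T08:01:12Z'/><Computer>DC01.example.test</Computer></System><EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='LogonType'>3</Data><Data Name='IpAddress'>192.0.2.10</Data></EventData></Event>"
    "<Event $ns><System><EventID>4634</EventID><TimeCreated SystemTime='2024-01-15T12:30:00Z'/><Computer>DC01.example.test</Computer></System><EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='LogonType'>3</Data></EventData></Event>"
    "<Event $ns><System><EventID>4624</EventID><TimeCreated SystemTime='2024-01-15T13:05:40Z'/><Computer>DC02.example.test</Computer></System><EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='LogonType'>3</Data><Data Name='IpAddress'>192.0.2.44</Data></EventData></Event>"
    "<Event $ns><System><EventID>4740</EventID><TimeCreated SystemTime='2024-01-15T14:00:03Z'/><Computer>DC01.example.test</Computer></System><EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='TargetDomainName'>WKS-0042</Data></EventData></Event>"
)
$eventKinds = @{ 4624 = 'Logon'; 4634 = 'Logoff'; 4740 = 'Lockout' }

function ConvertFrom-LogonEventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $evt = ([xml]$Xml).Event
    $id  = [int]$evt.System['EventID'].InnerText
    if (-not $eventKinds.ContainsKey($id)) { return }    # ignore unrelated events
    $data = @{}                                          # EventData fields by name
    foreach ($d in $evt.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
    $ip = $data['IpAddress']
    if ($ip -in @($null, '', '-')) { $ip = $null }       # '-' means no address was logged
    [pscustomobject]@{
        Time      = [datetime]::Parse($evt.System.TimeCreated.SystemTime).ToUniversalTime()
        DC        = $evt.System.Computer
        User      = $data['TargetUserName']
        Event     = $eventKinds[$id]
        IpAddress = $ip
        # In 4740 the TargetDomainName field carries the caller computer name.
        Source    = if ($id -eq 4740) { $data['TargetDomainName'] } else { $null }
    }
}

# Full history, merged across DCs and ordered by time.
$history = $sampleEvents | ForEach-Object { ConvertFrom-LogonEventXml $_ } | Sort-Object Time
$history | Format-Table Time, DC, User, Event, IpAddress, Source

# Last logon address per user: the newest Logon row, whichever DC recorded it.
$history | Where-Object { $_.Event -eq 'Logon' -and $_.IpAddress } |
    Group-Object User | ForEach-Object { $_.Group[-1] } |
    Format-Table User, Time, DC, IpAddress

# Live use (assumes logon auditing is enabled and $dcs lists every DC):
# $dcs | ForEach-Object { Get-WinEvent -ComputerName $_ -FilterHashtable @{
#     LogName = 'Security'; Id = 4624, 4634, 4740 } } |
#     ForEach-Object { ConvertFrom-LogonEventXml $_.ToXml() }
```

Because each DC only logs the authentications it handled, the live query has to cover every DC before the "last address" row is meaningful.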