0

We recently setup GFI WebMonitor on our network which is giving me back IP's instead of User's. I'm in the process of determining whether we will be able to implement authentication on the proxy to use ISA or TMG to let it resolve but for the moment I need a way to quickly and accurately generate a list of AD usernames and the current corresponding IP address from the DHCP server. This is surprisingly more difficult then I originally anticipated.

Is there a away to either scan the IP range and get a list of usernames or scan the active directory user list and get the IP ?

I've been fooling around with nmap and powershell to do this but am currently up against a wall.

Edit

The easiest way I have actually found to accomplish this is to use a network mapping utility called netview. It generates a list of all PC's active on AD and the users logged in along with some other good info (shares, admin status etc.)

bumble_bee_tuna
  • 443
  • 11
  • 26
  • I just run a little GPO'd logon script which writes all the useful stuff to a networked textfile as a user logs on to a computer (logontime, username, computername, IP, computer service tag, OS ver. etc). Quickly implemented and very unsophisticated, but surprisingly effective when one needs it compared to the inventory system we also have. In seconds I can get a list of all computers a user has logged on to, and so forth. – ErikE Feb 23 '15 at 21:50
  • In a larger network I would just log to a database instead, it has proved to be one of my most valuable fire-and-forget quick-hacks so far. – ErikE Feb 23 '15 at 21:58
  • Usernames have nothing at all to do with DHCP. – mfinni Feb 23 '15 at 22:24
  • 1
    Technically, yes. But mapping a username to an ip can still be quite valuable. For instance to quickly determine which set of firewall rules actually apply, when a user calls in not knowing much more than his/her own name and problem. – ErikE Feb 23 '15 at 22:55
  • @ErikE Thanks for the idea. I am a developer could you provide some additional information about how I could do the GOP logon script ? Thanks again – bumble_bee_tuna Feb 24 '15 at 16:59

2 Answers2

1

Just a quick idea.

This will give you a hostname to IP relationship. To get usernames my be a little more involved. 

 For /f in (listofIPs.bat) do (
 Netsh DHCP \\<yourDHCPServername> scope <your dynamic scope> show client 1 | finstr "%%a"
 )

Then you need to parse and query each IP for logged on users. Good luck!

Get-HomeByFiveOClock
  • 458
  • 5
  • 13
1

You could create a logon script enabled through a GPO in your Active Directory as described here for instance.

The following script leaves much to be desired but is a way of getting started:

$file ="\\yourfileserver\`$hiddenshare\WhoLoggedOnWhere.log"

$logontime = (get-date -format o).split("{+}")[0] -Replace ":","."
$domain = [Environment]::userdomainname
$user = [Environment]::username
$machine = [Environment]::machinename
$servicetag = Get-WmiObject win32_SystemEnclosure | select serialnumber
$IPAddr = Get-WmiObject -query "SELECT * FROM Win32_PingStatus `
    WHERE Address='$MyMachineName'" | 
    select IPv4Address
$OS = Gwmi Win32_OperatingSystem
$OSver = $OS.Caption

$result = "$logontime;$domain\$user;$user;$machine;$IPAddr;$OSver;$servicetag"
$result | out-file $file -append
ErikE
  • 4,746
  • 1
  • 20
  • 27