0

I have to write a simple script which lists all user logons at every computer in a specific OU.

I have tried the function `Get-UserLogon -OU '[distinguished name]'` (see here) but it doesn't return any stdout.

Any alternatives?

  • Getting no output at all, not even an error message? – zett42 Feb 10 '21 at 13:12
  • I got no output nor error messages because the author of the function has set `$ErrorActionPreference= 'SilentlyContinue'`. I posted an answer to update what I have found. – Dario Corrada Feb 10 '21 at 13:40

4 Answers

3

Have you tried this to give you users' last logon time and date:

```powershell
Get-ADUser -Filter * -SearchBase "ou=users,dc=contoso,dc=local" -ResultPageSize 0 -Prop CN,lastLogonTimestamp |
    Select CN,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}} |
    Export-CSV -NoType last.csv
```

ref: https://expert-advice.org/active-directory/powershell-script-to-get-lastlogon-timestamp-for-specific-ou-and-export-to-csv-file/

SAO
  • Such a solution tells me the last logon time and date, as you wrote. But I am looking for which computer in AD the user has logged in to – Dario Corrada Feb 11 '21 at 08:01
  • How about getting a list of computers `Get-ADComputer -Filter * -SearchBase ...` and then cycle through the list getting users `Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object -Property *user*` >> ref: https://www.manageengine.com/products/active-directory-audit/powershell/powershell-find-what-computer-user-logged-into.html https://learn.microsoft.com/en-us/powershell/scripting/samples/collecting-information-about-computers?view=powershell-7.1 – SAO Feb 11 '21 at 14:48
  • Nope... I would like to avoid accessing each individual machine in any way. Firstly because I still have no grant to accomplish this; I can only access AD for reading. Secondly, I would also like to retrieve a history log for those machines that are currently offline. – Dario Corrada Feb 12 '21 at 09:46
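An added example (not part of any answer here and not the `Get-UserLogon` function): one way to run the per-computer query suggested in the comment above while recording every unreachable machine and its error, instead of hiding failures behind `$ErrorActionPreference = 'SilentlyContinue'`. It assumes the ActiveDirectory module, WinRM access and sufficient rights on the target computers; the OU placeholder and the CSV file name are illustrative.

```powershell
# Added example: the OU placeholder and output file name are assumptions.
Import-Module ActiveDirectory

$ou = '[distinguished name]'   # placeholder, as in the question

# Computer accounts in the OU (DNSHostName is used as the connection target)
$computers = Get-ADComputer -Filter * -SearchBase $ou -Properties DNSHostName

$report = foreach ($computer in $computers) {
    # Prefer the DNS name; fall back to the short name if the attribute is empty
    $target = if ($computer.DNSHostName) { $computer.DNSHostName } else { $computer.Name }

    $row = [ordered]@{
        ComputerName = $computer.Name
        Status       = 'Unknown'
        LoggedOnUser = $null
        Error        = $null
    }

    try {
        # -ErrorAction Stop turns a refused or timed-out connection into a catchable error
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $target -OperationTimeoutSec 10 -ErrorAction Stop
        $row.Status       = 'Online'
        # UserName is the console session user; it is empty when nobody is logged on at the console
        $row.LoggedOnUser = $cs.UserName
    }
    catch {
        # Keep the failure visible so offline or access-denied machines show up in the report
        $row.Status = 'Unreachable'
        $row.Error  = $_.Exception.Message
    }

    [pscustomobject]$row
}

# Console view and CSV export, including the machines that could not be queried
$report | Sort-Object Status, ComputerName | Format-Table -AutoSize
$report | Export-Csv -Path 'LoggedOnUsers.csv' -NoTypeInformation
```

Rows with `Status` set to `Unreachable` carry the connection or access error, which separates "nobody logged on" from "could not ask".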
1

There is an alternative method that does not iterate all computers in the domain, but it relies on all users having their home directories redirected to a network share.

If that is the case in your domain, try:

```powershell
# the UNC \\Server\Share name of the network share where all user homedirectories are
$usersHomePath = '\\HomesServer\HomesShare$'

# split this UNC path to get the server name and share name in separate variables
$server, $share = $usersHomePath.TrimStart("\") -split '\\'

# get an array of SamAccountNames for all users in the OU
$users = (Get-ADUser -Filter * -SearchBase '[distinguished name]').SamAccountName

$result = Get-CimInstance -ClassName Win32_ServerConnection -ComputerName $server |
            Where-Object { $_.ShareName -eq $share -and $users -contains $_.UserName } |
            Select-Object @{Name = "SamAccountName"; Expression = { $_.UserName }},
                          @{Name = "ComputerName"; Expression = {(([System.Net.Dns]::GetHostEntry($_.ComputerName).HostName) -split "\.")[0]}}

# output in console
$result

# output to Csv
$result | Export-Csv -Path 'UsersOnComputers.csv' -NoTypeInformation
```
Theo
0

I tried to simply debug the Get-UserLogon function.

This function tries to connect to every computer listed in the OU and then queries them for the users' logon list. As expected, most of these computers refuse the connection (maybe they are shut down or simply offline).

Is there another way to retrieve such information? Does the domain controller store logons in such a centralized fashion?

0

I found a possible solution of this kind here (read at the bottom of the thread), but I am not familiar at all with VBScript and I would like to implement this code in PowerShell.