0 votes

Hi,

Can you tell me how to look up a list of last logged-in users for computers from a specific OU?

I have an OU called Laptops and need to know who was the last person logged into each of them.

Found that script: https://www.adaxes.com/script-repository/output-username-of-last-user-who-lgged-on-to-computer-s269.htm but it's not designed for an OU.

by (450 points)
0

Hello Robert,

This can be done by updating the script from our repository that you referenced. However, establishing connections to all the computers in an OU can take a very long time, so the script will need to be executed in a separate PowerShell instance. If this approach meets your needs, please provide us with all the possible details regarding the desired behavior. Do you need the script to be executed on the Organizational Unit objects and output the computers and users into the Execution log? Or should the report be sent embedded into an email notification? Any additional details and live examples would be much appreciated.

0

Hi, I would prefer it sent in a CSV file to a mailbox if possible. Not worried about execution time at all.

As per desired output: I would like to specify a 'Laptops' OU and the script needs to look into all sub-OUs (Engineering, HR etc), read each computer account from them and display who was logged into it. As per output it's as simple as those tabs: OU - Computer name - last logged in user - time of last logging in.

Is that possible?

regards Robert

0

Hello Robert,

We recommend using an approach with a Scheduled Task and a report. The task will go through all the computers in a specific OU, check the last logged on user and save all the necessary data to Adaxes custom attributes (e.g. CustomAttributeText1, CustomAttributeDate1, etc.). In the Web Interface, you will use a report to output the list of computers, users that last logged on to them and other required details. Before generating the report, you will be able to select an OU where to search for computers or configure it to always generate for the very same OU. The only disadvantage of the approach is that the information in the attributes, and accordingly in the report, may not be up to date if a user logs on to a computer between the launch of the Scheduled Task and the generation of the report. However, the approach will be much less resource-consuming. Does it meet your needs?

0

Hi,

I don't plan to use it often, so manual run every now-and-then would be perfectly acceptable.

It does not need to be overcomplicated.

regards Robert

1 Answer

0 votes
by (162k points)

Hello Robert,

Thank you for the confirmation. Find the updated script below. To run the script, create a Custom Command configured for the Organizational Unit object type. To execute the command in Adaxes Web Interface and select the OU on which it will be run, create a Web Interface action of the Custom Command type. For details on configuring the actions, have a look at the following tutorial: https://www.adaxes.com/tutorials_WebInterfaceCustomization_ConfigureActionsPane.htm.

$win32UserFilter = "NOT SID = 'S-1-5-18' AND NOT SID = 'S-1-5-19' AND NOT SID = 'S-1-5-20'" # Exclude well-known SIDs, such as NETWORK SERVICE

function SearchObjects ($filter, $path)
{
    $searcher = $Context.BindToObject($path)
    $searcher.SearchFilter = $filter
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.PageSize = 500

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return ,$searchResults
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Search results
$searchResults = SearchObjects "(&(objectCategory=computer)(dNSHostName=*))" $Context.TargetObject.AdsPath
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$userSidsToUserName = @{}
foreach ($searchResult in $searchResults)
{
    $dNSHostName = $searchResult.Properties["dNSHostName"].Value
    if (!(Test-Connection -ComputerName $dNSHostName -Quiet -Count 1))
    {
        $Context.LogMessage("Cannot connect to computer $dNSHostName", "Warning")
        continue
    }

    # Get the last logged on user
    try
    {
        $lastUser = Get-WmiObject -Class Win32_UserProfile -ComputerName $dNSHostName -Filter $win32UserFilter -ErrorAction Stop | Sort-Object -Property @{Expression = {$_.ConvertToDateTime($_.LastUseTime)}; Descending = $True} | Select-Object -First 1
    }
    catch
    {
        $Context.LogMessage("An error occurs when getting user information from computer $dNSHostName. Error: " + $_.Exception.Message, "Warning")
        continue
    }

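    # Skip computers that returned no matching user profile
    if ($null -eq $lastUser)
    {
        $Context.LogMessage("No user profiles found on computer $dNSHostName", "Warning")
        continue
    }

    # Build filter to find the user
    $userSID = $lastUser.SID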
    if (!$userSidsToUserName.Contains($userSID))
    {
        $filter = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("ObjectSid", $userSID)
        $userSearchResults = SearchObjects $filter "Adaxes://$domainName/rootDSE"

        if ($userSearchResults.Length -eq 0)
        {
            $Context.LogMessage("Cannot find user with SID '$userSID' for computer $dNSHostName. Probably, it is a local account.", "Warning")
            continue
        }
        $userSidsToUserName.Add($userSID, $userSearchResults[0].Properties["sAMAccountName"].Value)
    }

    # Get Username
    $username = $userSidsToUserName[$userSID]

    # Get parent name
    # Use the computer from the current iteration, not the first search result
    $computerDN = New-Object Softerra.Adaxes.Ldap.DN $searchResult.Properties["distinguishedName"].Value
    $parentName = $computerDN.Parent.Leaf.Value

    # Get LastUseTime
    $lastUseTime = $lastUser.ConvertToDateTime($lastUser.LastUseTime)

    # Log
    $Context.LogMessage("$parentName - $dNSHostName - $username - $lastUseTime", "Information")
}
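
The same lookup written as a standalone PowerShell script that produces the CSV layout requested above (OU, computer, last user, time). This is an added example, not code from Adaxes or from the original answer. It assumes the ActiveDirectory (RSAT) module and WinRM access to the computers; the OU distinguished name and output path are placeholders. Unreachable or failing computers are kept as rows with a Status value instead of being dropped.

```powershell
# Added example: standalone PowerShell, not Adaxes code.
# Assumptions: ActiveDirectory (RSAT) module, WinRM reachable on the laptops.
Import-Module ActiveDirectory

$searchBase = 'OU=Laptops,DC=example,DC=com'   # placeholder DN
$csvPath    = Join-Path $env:TEMP 'LastLoggedOnUsers.csv'   # placeholder path
# Same exclusions as the script above: SYSTEM, LOCAL SERVICE, NETWORK SERVICE
$profileFilter = "NOT SID = 'S-1-5-18' AND NOT SID = 'S-1-5-19' AND NOT SID = 'S-1-5-20'"

function Resolve-SidToAccount ([string]$Sid)
{
    try
    {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch
    {
        return $Sid   # Unresolvable here, e.g. a local account on the remote computer
    }
}

$computers = Get-ADComputer -Filter 'dNSHostName -like "*"' -SearchBase $searchBase `
    -SearchScope Subtree -Properties dNSHostName

$report = foreach ($computer in $computers)
{
    $row = [ordered]@{
        OU          = ($computer.DistinguishedName -split '(?<!\\),', 2)[1]   # parent container DN
        Computer    = $computer.dNSHostName
        LastUser    = $null
        LastUseTime = $null
        Status      = 'OK'
    }
    try
    {
        # Get-CimInstance returns LastUseTime as a DateTime, so no ConvertToDateTime call is needed
        $lastProfile = Get-CimInstance -ClassName Win32_UserProfile -ComputerName $computer.dNSHostName `
            -Filter $profileFilter -OperationTimeoutSec 15 -ErrorAction Stop |
            Sort-Object -Property LastUseTime -Descending | Select-Object -First 1
        if ($lastProfile)
        {
            $row.LastUser    = Resolve-SidToAccount $lastProfile.SID
            $row.LastUseTime = $lastProfile.LastUseTime
        }
        else { $row.Status = 'No user profiles' }
    }
    catch { $row.Status = "Error: $($_.Exception.Message)" }
    [pscustomobject]$row
}
$report | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
```

Run it under an account that is allowed to query WMI on the target computers; mailing the resulting file is left to whatever mail tooling is in use.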

0

Hi,

It's not exactly what I wanted due to the amount of errors, but at this stage I don't think we can ask for more.

Thanks

Regards Robert
