
is it possible to tell when and where a user logged on

Status
Not open for further replies.

bookouri

IS-IT--Management
Feb 23, 2000
1,464
US
We do not audit successful logon attempts on our AD domain. I do audit unsuccessful logons just for security purposes, but this is the first time I've been asked if I can identify when/if and where a user logged on during a particular date range. Does anybody have any ideas if there's any way to get this information out of AD?

thanks for any suggestions
 
The additional info tab doesn't give me what I really need. I need to find out when this user logged on and what PCs this user logged on to during a specific date/time range. I don't think it can be done unless there's something like dsquery that can retrieve that information.
 
RE:
We do not audit successful logon attempts on our AD domain.

You need to if you want the information you seek. Too late for this request.

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!
 
You would need to have been collecting successful login information. And then you would need to combine the logs of all domain controllers to get the full picture.

If you think this is something you will get asked about in the future, then I recommend you get creative.

Create a SQL database to log machine name, username, date & time as well as login/out. Use a login and logoff script to record those details.

I figured you might need help with code to do it so I wrote some for you.
Code:
'==========================================================================
'
' NAME: RecordLoginLogoutTimes.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: http://www.thespidersparlor.com
' DATE  : 2/10/2009
' COPYRIGHT (c) 2009 All Rights Reserved
'
' COMMENT: Write login/logout information to SQL database
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'
' SQL Information:
'		DSN = LoginLogout
'		Table = Activity
'		Fields = UserName, ComputerName, DateTime, Action
'
'
'==========================================================================
Const adOpenStatic =3
Const adLockOptimistic =3
Const adUseClient = 3

Dim WSHNetwork
Set WSHNetwork = WScript.CreateObject("WScript.Network")

UserName = WSHNetwork.UserName
ComputerName = WSHNetwork.ComputerName
EventTime = Now

Set objConnection = CreateObject("ADODB.Connection")
Set objRecordset = CreateObject("ADODB.Recordset")
objConnection.Open "DSN=LoginLogout;"
objRecordset.CursorLocation = adUseClient
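' Open the Activity table for editing (note the comma after the SQL string)
objRecordset.Open "Select * FROM Activity", objConnection, _
	adOpenStatic, adLockOptimistic

' Start a new row; without AddNew the assignments below would overwrite an existing record
objRecordset.AddNew
objRecordset("UserName") = UserName
' Field name matches the table layout documented in the header
objRecordset("ComputerName") = ComputerName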
objRecordset("DateTime") = EventTime
objRecordset("Action") = "LOGON"
objRecordset.Update
objRecordset.Close
objConnection.Close

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Please note that the above script can be used to record logoff events too. Just run the same code as a logoff script and replace
Code:
objRecordset("Action") = "LOGON"
with
Code:
objRecordset("Action") = "LOGOFF"

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
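
Once the Activity table is being populated, the original question (when, and on which PCs, a user logged on within a date range) becomes a query that pairs each LOGON with its LOGOFF. The following is an added example, not part of the thread or of Mark's script: the table and column names come from the script header, while the in-memory SQLite database, ISO-8601 text timestamps, sample rows, and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows in the Activity layout from the script header.
ROWS = [
    ("jdoe",   "PC-101", "2009-02-09 08:02:11", "LOGON"),
    ("jdoe",   "PC-101", "2009-02-09 17:01:40", "LOGOFF"),
    ("asmith", "PC-101", "2009-02-09 17:05:02", "LOGON"),
    ("jdoe",   "PC-207", "2009-02-10 09:15:00", "LOGON"),  # no LOGOFF (crash, power loss)
    ("jdoe",   "PC-101", "2009-02-11 08:00:30", "LOGON"),
    ("jdoe",   "PC-101", "2009-02-11 12:30:00", "LOGOFF"),
    ("asmith", "PC-101", "2009-02-11 18:00:00", "LOGOFF"),
]

# Pair each LOGON with the next LOGOFF by the same user on the same PC.
SESSIONS_SQL = """
SELECT l.ComputerName, l.DateTime AS LogonTime,
       (SELECT MIN(o.DateTime) FROM Activity o
         WHERE o.UserName = l.UserName AND o.ComputerName = l.ComputerName
           AND o.Action = 'LOGOFF' AND o.DateTime > l.DateTime
           -- a later LOGON in between means this session never recorded a logoff
           AND NOT EXISTS (SELECT 1 FROM Activity n
                            WHERE n.UserName = l.UserName
                              AND n.ComputerName = l.ComputerName
                              AND n.Action = 'LOGON'
                              AND n.DateTime > l.DateTime
                              AND n.DateTime < o.DateTime)) AS LogoffTime
  FROM Activity l
 WHERE l.Action = 'LOGON' AND l.UserName = ? COLLATE NOCASE
   AND l.DateTime >= ? AND l.DateTime < ?
 ORDER BY l.DateTime
"""

def build_db(rows=ROWS):
    """Create an in-memory stand-in for the Activity table (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Activity (UserName TEXT, ComputerName TEXT, "
               "DateTime TEXT, Action TEXT)")
    db.executemany("INSERT INTO Activity VALUES (?, ?, ?, ?)", rows)
    return db

def user_sessions(db, user, start, end):
    """Return (computer, logon, logoff-or-None) for logons in [start, end)."""
    # Bound parameters keep the user name and dates out of the SQL text.
    return db.execute(SESSIONS_SQL, (user, start, end)).fetchall()

if __name__ == "__main__":
    for row in user_sessions(build_db(), "jdoe", "2009-02-09", "2009-02-11"):
        print(row)
```

A session with no LogoffTime means the logoff script never ran for it, not that the user is still logged on. Logon and logoff scripts run in the user's own context, so these rows are convenience data rather than a tamper-resistant replacement for auditing successful logons on the domain controllers.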
 