This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 74%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Good afternoon,
I would need to run a script that would tell me which computers a particular user was logged into.
I found this script:
#Set variables
$progress = 0
#Get Admin Credentials
Function Get-Login {
Clear-Host
Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
$Global:Credential = Get-Credential
}
Get-Login
#Get Username to search for
Function Get-Username {
Clear-Host
$Global:Username = Read-Host "Enter username you want to search for"
if ($Username -eq $null){
Write-Host "Username cannot be blank, please re-enter username!"
Get-Username
}
$UserCheck = Get-ADUser $Username
if ($UserCheck -eq $null){
Write-Host "Invalid username, please verify this is the logon id for the account!"
Get-Username
}
}
Get-Username
#Get Computername Prefix for large environments
Function Get-Prefix {
Clear-Host
$Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"
Clear-Host
}
Get-Prefix
#Start search
$computers = Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix}
$CompCount = $Computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"
#Start main foreach loop, search processes on all computers
foreach ($comp in $computers){
$Computer = $comp.Name
$Reply = $null
$Reply = test-connection $Computer -count 1 -quiet
if($Reply -eq 'True'){
if($Computer -eq $env:COMPUTERNAME){
#Get explorer.exe processes without credentials parameter if the query is executed on the localhost
$proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
}
else{
#Get explorer.exe processes with credentials for remote hosts
$proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
}
#If $proc is empty return msg else search collection of processes for username
if([string]::IsNullOrEmpty($proc)){
write-host "Failed to check $Computer!"
}
else{
$progress++
ForEach ($p in $proc) {
$temp = ($p.GetOwner()).User
Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$Computers.Count)*100)
if ($temp -eq $Username){
write-host "$Username is logged on $Computer"
}
}
}
}
}
write-host "Search done!"
The problem is that I would need it to also tell me the LastLogonDate of that user on those computers found by the script.
I tried several times to add some corrections to the script but i could not achieve it.
Could you help me with this task, please?
Thank so much.
@Santhi Swaroop Naik Bukke Finally i could solve it with the "query user" line: query user $Username /server:$Computer
I wouId like to know, to have the perfect script, if, when the "query user" command shows all information: https://ibb.co/jZ6NsF2
I need that it shows only the LOGON TIME information.
Is that possible?
Thank so much.
I am going to disable the domain administrator account, and i would like to know in what servers this account was used to know the services associated with it.
This scripts works perfect but the problem is that when i try to look for what servers used the administrator account, the servers which appear are related with the local administrator account, not with the domain administrator account.
How could I do that the script look for the servers related with the domain administrator account?
Thank so much.
