Forum Discussion
Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers
Hi, I am trying to retrieve a list of users that have logged on or are logged on to certain computers. The computers are all part of a security group and I have retrieved and saved the list using:
Get-ADGroupMember security-group-name | Export-CSV complist.csv
From this list, I'd like to find out who the users are of each of these computers.
If there is a better way to achieve what's being asked, please feel free to share.
Thank you!
4 Replies
- psophos, Brass Contributor
@mkamsad summat like:
# @() keeps .Count valid when only one process is returned
$ProcessList = @(gwmi win32_process -computer $Computer.Name -Filter "Name = 'explorer.exe'")
Write-Verbose "$($ProcessList.Count) explorer.exe processes running"
foreach ($Process in $ProcessList) {
    # Search collection of processes for username
    $processOwner = ($Process.GetOwner()).User
    # ... owner of the explorer.exe process is someone who is logged on to this computer
}
You'd have to execute the above code for each computer, return a list of logged on users filtering out a few generic accounts that you don't want to report on.
- mkamsad, Copper Contributor
@psophos Thank you for that answer. It helped me to rethink my question. I guess my question can be reframed as: "Does AD store the name of a user logged on to a particular computer?" If the answer is yes, can it be retrieved using PowerShell? If the answer is no, then what other tool can be used to retrieve that information using a script?
- psophos, Brass Contributor
If memory serves, no.
You could use the above script to query each PC for active logins.
Or query the event logs for historic login events.
This might require auditing being enabled via Group Policy first.
Or you could query all the DC event logs for logins. Which you'd then need to further filter for the machines that you care about.
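The two per-computer approaches suggested in the replies above (explorer.exe owners for active sessions, the Security event log for historic logons), combined into one loop over the group's computer members. This is an added example, not code posted by anyone in the thread. It assumes the ActiveDirectory module, PowerShell 3 or later, CIM/WinRM and remote event log access on the targets, and logon auditing already enabled; event ID 4624, logon types 2 and 10, the `$Ignore` pattern, `$Days` and `userlist.csv` are choices made for this example.

```powershell
# Added example (not from the thread). Needs rights to query CIM and read the
# Security log on each target; the group name is the placeholder from the question.
Import-Module ActiveDirectory

$GroupName = 'security-group-name'
# Generic accounts to leave out of the report (constructed list, adjust as needed)
$Ignore = '^(SYSTEM|LOCAL SERVICE|NETWORK SERVICE|ANONYMOUS LOGON|DWM-\d+|UMFD-\d+)$'
$Days   = 7   # how far back to read logon events

# A group can hold users and nested groups as well; keep only computer objects
$computers = Get-ADGroupMember -Identity $GroupName |
    Where-Object { $_.objectClass -eq 'computer' }

$report = foreach ($c in $computers) {
    try {
        # Active sessions: the owner of each explorer.exe process
        $procs = Get-CimInstance Win32_Process -ComputerName $c.Name -Filter "Name = 'explorer.exe'" -ErrorAction Stop
        foreach ($p in $procs) {
            $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
            if ($owner.User -and $owner.User -notmatch $Ignore) {
                [pscustomobject]@{ Computer = $c.Name; User = "$($owner.Domain)\$($owner.User)"
                                   Source = 'explorer.exe'; Time = $p.CreationDate }
            }
        }
        # Historic logons: event 4624 with logon type 2 (interactive) or 10 (RDP)
        $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
        Get-WinEvent -ComputerName $c.Name -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object {
                $evt  = $_
                $data = @{}
                ([xml]$evt.ToXml()).Event.EventData.Data |
                    ForEach-Object { $data[$_.Name] = $_.'#text' }
                if ($data.LogonType -in '2', '10' -and $data.TargetUserName -notmatch $Ignore) {
                    [pscustomobject]@{ Computer = $c.Name; User = "$($data.TargetDomainName)\$($data.TargetUserName)"
                                       Source = "4624 type $($data.LogonType)"; Time = $evt.TimeCreated }
                }
            }
    }
    catch {
        # Host offline, access denied, or no matching events in the window
        Write-Warning "$($c.Name): $($_.Exception.Message)"
    }
}

$report | Sort-Object Computer, User, Time | Export-Csv userlist.csv -NoTypeInformation
```

A host that is powered off or blocks remote management produces a warning rather than a row, so an empty result for a computer does not mean nobody logged on to it.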