Forum Discussion
Solved
Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers
Hi, I am trying to retrieve a list of users that have or are logged on to certain computers. The computers are all part of a security group and I have retrieved and saved the list using: Get-ADG...
mkamsadsummat like:
$ProcessList = gwmi win32_process -computer $Computer.Name -Filter "Name = 'explorer.exe'" Write-Verbose "$($ProcessList.Count) explorer.exe processes running" foreach ($Process in $ProcessList) { # Search collection of processes for username $processOwner = ($Process.GetOwner()).User # ... owner of the explorer.exe process is someone who is logged on to thsi computer }You'd have to execute the above code for each computer, return a list of logged on users filtering out a few generic accounts that you don't want to report on.
mkamsadsummat like:
$ProcessList = gwmi win32_process -computer $Computer.Name -Filter "Name = 'explorer.exe'"
Write-Verbose "$($ProcessList.Count) explorer.exe processes running"
foreach ($Process in $ProcessList)
{
# Search collection of processes for username
$processOwner = ($Process.GetOwner()).User
# ... owner of the explorer.exe process is someone who is logged on to thsi computer
}
You'd have to execute the above code for each computer, return a list of logged on users filtering out a few generic accounts that you don't want to report on.
psophos @psophos Thank you for that answer. It helped me to rethink about my question. I guess, my question can be reframed as: "Does AD store name of a user logged on to a particular computer?" If the answer is yes, can it be retrieved using powershell? If the answer is no, then what other tool can be used to retrieve that information using a script?
- If memory serves, no.
You could use the above script to query each PC for active logins.
Or query the event logs for historic login events.
This might require auditing being enabled ivia Group Policy first.
Or you could query all the DC event logs for logins. Which you'd then need to further filter for the machines that you care about.- Thank you. I will try another way to get the same information.
