cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers

mkamsad
Copper Contributor

‎Sep 20 2021 09:14 AM - edited ‎Sep 20 2021 10:23 AM

‎Sep 20 2021 09:14 AM - edited ‎Sep 20 2021 10:23 AM

Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers

Hi, I am trying to retrieve a list of users that have or are logged on to certain computers. The computers are all part of a security group and I have retrieved and saved the list using:

 

Get-ADGroupMember security-group-name | Export-CSV complist.csv

 

 From this list, I'd like to find out who the users are of each of these computers.

 

If there is a better way to achieve what's being asked, please feel free to share.

 

Thank you! :smile:

Labels:
1,081 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by mkamsad (Copper Contributor)
psophos

‎Sep 20 2021 10:33 AM

‎Sep 20 2021 10:33 AM

Solution

Re: Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers

@mkamsadsummat like:

$ProcessList = gwmi win32_process -computer $Computer.Name -Filter "Name = 'explorer.exe'"
Write-Verbose "$($ProcessList.Count) explorer.exe processes running"

foreach ($Process in $ProcessList)
{
    # Search collection of processes for username
    $processOwner = ($Process.GetOwner()).User

    # ... owner of the explorer.exe process is someone who is logged on to thsi computer
}

 

You'd have to execute the above code for each computer, return a list of logged on users filtering out a few generic accounts that you don't want to report on.

 

0 Likes
Reply
mkamsad

‎Sep 20 2021 11:08 AM

‎Sep 20 2021 11:08 AM

Re: Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers

@psophos @psophos Thank you for that answer. It helped me to rethink about my question. I guess, my question can be reframed as: "Does AD store name of a user logged on to a particular computer?" If the answer is yes, can it be retrieved using powershell? If the answer is no, then what other tool can be used to retrieve that information using a script?

0 Likes
Reply
psophos

‎Sep 20 2021 11:42 AM

‎Sep 20 2021 11:42 AM

Re: Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers

If memory serves, no.

You could use the above script to query each PC for active logins.
Or query the event logs for historic login events.
This might require auditing being enabled ivia Group Policy first.

Or you could query all the DC event logs for logins. Which you'd then need to further filter for the machines that you care about.
1 Like
Reply
mkamsad

‎Sep 22 2021 04:07 PM

‎Sep 22 2021 04:07 PM

Re: Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers

Thank you. I will try another way to get the same information.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by mkamsad (Copper Contributor)
psophos

‎Sep 20 2021 10:33 AM

‎Sep 20 2021 10:33 AM

Solution

Re: Get-ADUser from Get-AdGroupMember? Trying to get list of users using list of computers

@mkamsadsummat like:

$ProcessList = gwmi win32_process -computer $Computer.Name -Filter "Name = 'explorer.exe'"
Write-Verbose "$($ProcessList.Count) explorer.exe processes running"

foreach ($Process in $ProcessList)
{
    # Search collection of processes for username
    $processOwner = ($Process.GetOwner()).User

    # ... owner of the explorer.exe process is someone who is logged on to thsi computer
}

 

You'd have to execute the above code for each computer, return a list of logged on users filtering out a few generic accounts that you don't want to report on.

 

View solution in original post

0 Likes
Reply