David

Reputation: 107

Powershell List of Users and the Hosts They Rode In On

Would anybody have any suggestions?  I need to generate a list of users and the computers they're logging into, from Active Directory.  I'm hoping to get something like this:

    Username        Hostname
    user.lastname   ComputerA1

So far, I've gotten:

    Enter-PSSession
    Import-Module ActiveDirectory
    Get-ADComputer -Filter * -Properties Name
    Get-ADuser -filter * -Properties * | export-csv '\\\AD_UserLists.csv'

This works, kinda.  I can generate a list of computers from AD and I can generate a list of ADUsers (albeit with ALL the users information).  Unfortunately, I can't generate the data into a single CSV.

Suggestions/Advice????

Thanx, David

Upvotes: 1

Views: 2683

Answers (3)

m0lochwalker

Reputation: 432

Here is a way to get what you want. You will have to run this against AD-Computer objects when the machines are online, and catch the names of the computers you could not reach. Something like this...

    #grab the DN of the OU where your computer objects are located...
    $OU = ("OU=Computers,DC=domain,DC=com")

    #put your filtered results in $computers (I filtered for Enabled objects)...
    $computers = @()

    ForEach ($O in $OU) {

        $computers += Get-ADComputer -SearchBase $O -filter 'Enabled -eq "True"' -Properties CN,distinguishedname,lastLogonTimeStamp | Select-Object CN,distinguishedname,lastLogonTimeStamp

    }

    #instantiate some arrays to catch your results
    #collected user info
    $userInfo = @()
    #computers you cannot ping
    $offline = @()
    #computers you can ping but cannot establish WinRM connection
    $winRmIssue = @()

    #iterate over $computers list to get user info on each...
    ForEach ($computer in $computers) {

        #reset per-computer results so values from the previous computer do not carry over
        $user = $null
        $frequent = $null

        #filter out System account SIDs
        #($WQLFilter is built here but not used below, and $FilterSID is not defined in this snippet)
        $WQLFilter = "NOT SID = 'S-1-5-18' AND NOT SID = 'S-1-5-19' AND NOT SID = 'S-1-5-20'"
        $WQLFilter = $WQLFilter + " AND NOT SID = `'$FilterSID`'"

        #set number of login events to grab
        $newest = 20

        #attempt to ping computer once by name. returns 'true' on success...
        if (Test-Connection -ComputerName $computer.CN -Count 1 -ErrorAction Stop -Quiet) {

            #if ping is true, try to get some info...
            Try {

                #currently logged in user (-ErrorAction Stop so a failure reaches the Catch block)...
                $user = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer.CN -ErrorAction Stop | select -ExpandProperty username

                #the most commonly logged in user, based on the past 20 log-ins...
                $UserProperty = @{n="User";e={((New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])).ToString()}}
                $logs = Get-EventLog System -Source Microsoft-Windows-Winlogon -ComputerName $computer.CN -newest $newest -ErrorAction Stop | select $UserProperty
                #sort descending so the first group is the most frequent user
                $frequent = $logs | Group User | Sort-Object Count -Descending | Select -First 1 | Select-Object -ExpandProperty Name

            }

            #catch any connection issues...
            Catch {

                $cantInvoke = [pscustomobject][ordered]@{
                    'Computer' = $computer.CN
                    'Message' = "Could not Invoke-Command. Probably a WinRM issue."
                }

                $winRmIssue += $cantInvoke

            }

            #custom psobject of gathered user info...
            $userInfoObj = New-Object psobject -Property ([ordered]@{
                'Computer' = $computer.CN
                'LoggedInUser' = $user
                'mostCommonUser' = $frequent
            })

            $userInfo += $userInfoObj

        }

        #if you could not ping the computer, gather that info here in a custom object...
        else {

            $noPing = [pscustomobject][ordered]@{
                'Computer' = $computer.CN
                'DN' = $computer.distinguishedname
                'lastLogonDate' = [datetime]::FromFileTime($computer.lastLogonTimeStamp).toShortDateString()
            }

            $offline += $noPing

        }

    }

    #then kick out the results to csv
    $userInfo | Sort-Object Computer | export-csv -Path c:\path\file.csv -NoTypeInformation

    $offline | Sort-Object lastLogonDate | export-csv -Path c:\path\file2.csv -NoTypeInformation

    $winRmIssue | Sort-Object Computer | export-csv -Path c:\path\file3.csv -NoTypeInformation

Upvotes: 2

Bonneau21

Reputation: 586

You could use the wmi function

    Get-WmiObject -Class Win32_ComputerSystem -ComputerName "computersname" | Select-Object Name,Username

Upvotes: 1

Bacon Bits

Reputation: 32145

> I need to generate a list of users and the computers they're logging into, from Active Directory.

This information is not stored in Active Directory. You may be able to retrieve this information with Active Directory auditing. Otherwise, you'll need to poll each individual workstation.

Upvotes: 1
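The auditing route mentioned in the last answer, as an added example that is not part of any post on this page: it reads logon events (Security event ID 4624) from one domain controller and writes a Username/Hostname CSV. The controller name `DC01`, the one-day window and the output path are assumptions, as is logon auditing being enabled and the Security log being readable by the account running the script.

```powershell
# Added example, not code from the thread.
# Assumptions: 'DC01' is a hypothetical domain controller, success logon
# auditing (event 4624) is enabled on it, and the output path is a placeholder.
$dc      = 'DC01'
$since   = (Get-Date).AddDays(-1)
$outFile = 'C:\path\UserLogons.csv'

$filter = @{ LogName = 'Security'; Id = 4624; StartTime = $since }

$rows = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
    ForEach-Object {
        $evt = $_

        # Turn the event's <Data Name="..."> elements into a lookup table
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        $name = $data['TargetUserName']

        # Skip computer accounts (trailing $) and anonymous sessions
        if ($name -like '*$' -or $name -eq 'ANONYMOUS LOGON') { return }

        [pscustomobject]@{
            Username  = $name
            Hostname  = $data['WorkstationName']
            SourceIP  = $data['IpAddress']
            LogonType = $data['LogonType']
            LastSeen  = $evt.TimeCreated
        }
    }

# One row per user/source pair, keeping only the most recent sighting
$rows |
    Group-Object Username, Hostname, SourceIP |
    ForEach-Object { $_.Group | Sort-Object LastSeen -Descending | Select-Object -First 1 } |
    Sort-Object Username, Hostname |
    Export-Csv -Path $outFile -NoTypeInformation
```

A domain controller only records the logons it processed itself, so repeat the query against each controller for full coverage. `WorkstationName` is often `-` for Kerberos logons, which is why the source IP is kept alongside it.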
