Khalifa96
Reputation: 21
Foreach IPv4 address where name is like 10.53.* get user logged on
I'm trying to find out who is in the office and who's not by checking the IPv4 Address range. Anyone with an IP address starting with 10.57.xx.xx Is in the office and anyone with IP 10.53.xx.xx is working on a VPN. I would like to export their domain usernames from the list of people in the office.
How can I do this using PowerShell?
This is what I have (unfinished)
$Machines = (Get-ADComputer -Filter * -SearchBase 'OU=Laptops,OU=Win10Modern,OU=LN,OU=Workstations,DC=cooley,DC=com').Name
$result = foreach ($Machine in $Machines)
{
if (Test-Connection -ComputerName $Machine -Count 1 -Quiet) {
if($machine.ipaddress -like "10.57*")
{
Get-WmiObject –ComputerName $Machine –Class Win32_ComputerSystem | Select-Object Username
}
}
}
Upvotes: 0
Views: 206
Answers (1)
Toni
Reputation: 1816
#Query machines, better use dnsHostName instead of name. The ldapfilter does only return enabled accounts
$Machines = (Get-ADComputer -ldapfilter "(&(samaccountname=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -SearchBase 'OU=Laptops,OU=Win10Modern,OU=LN,OU=Workstations,DC=cooley,DC=com').dnsHostName
$result = @(
foreach ($Machine in $Machines){
try {
#Test connection, remove -quiet otherwise you wont get infos like IP
$contest = Test-Connection -ComputerName $Machine -Count 1 -ErrorAction:Stop
}
Catch {
write-warning "Machine: $machine is not pingable - process next item"
continue
}
if($contest.IPV4Address.IPAddressToString -match "^(10\.57)"){
#WMI is a bit outdated you should use CIM instead
#Get-WmiObject –ComputerName $Machine –Class Win32_ComputerSystem | Select-Object Username
#Switched to EventLog as Win32_ComputerSystem does not give you the necessary information, will only detect the newest logon event of logon type 2 (logon locally)
try {
[xml[]]$xml = Get-WinEvent -ErrorAction:stop -ComputerName $machine -ProviderName "Microsoft-Windows-Security-Auditing" -FilterXPath "*[System[EventID=4624] and EventData[Data[@Name='LogonType'] and (Data='2')]]" -MaxEvents 1 | %{$_.ToXml()}
}
Catch {
write-error "Failed to query EventLog - Exception: $_"
continue
}
$userName = ($xml.event.EventData.data | ?{$_.name -eq 'targetusername'}).'#text'
$inOffice = $true
}
Else {
$username = $null
$inOffice = $false
}
#Build object
$attrsht = [ordered]@{
user=$userName
machine=$Machine
isInOffice=$inOffice
ipAddress=$contest.IPV4Address.IPAddressToString
}
new-object -TypeName psobject -Property $attrsht
}
)
$result | export-csv C:\inOfficeReport.csv -delimiter ";" -notypeinformation```
Upvotes: 1
Related Questions
- get IPv4 address into a variable
- Powershell commands to get IP address
- How can I get IPV4 address into powershell variable with IPV6 and IPV4 together?
- How would I convert multiple strings to an IP address in Powershell so I can filter out IPv6
- Find all IP addresses from array
- Gather IP address information
- How to get only IPv4 address(es) for a hostname
- How can I get the machine IP address only for several PCs using ForEach-Object in Powershell?
- getting ip details in powershell
- Script grabbing all the ips instead of just one and placing all of them in to variable