如何让 psloggedon 从 Active Directory 中提取?
[英]How can I get psloggedon to pull from Active Directory?
问题描述
get-content 'C:\assets.txt' | % {
$computer = $_
. 'c:\PSTools\PsLoggedon.exe' -accepteula -l -x \\$Computer 3>$null |
? {$_ -match '^\s{2,}((?<domain>\w+)\\(?<user>\S+))'} |
Select-Object `
@{n='Computer';e={$Computer}},
@{n='Domain';e={$matches.Domain}},
@{n='User';e={$Matches.User}} |
? user -notmatch '^Connecting$|^Users$|^NT$'
}
This is what I am using to get all of the currently logged on computers.
这就是我用来获取所有当前登录的计算机的方法。 Is there a way I can combine this with Get-ADUser so I ca pull straight from AD rather than from a txt document?有没有办法可以将它与 Get-ADUser 结合起来,这样我就可以直接从 AD 中提取而不是从 txt 文档中提取?
2 个解决方案
解决方案1
0 2021-12-30 13:19:38
• Sorry, but currently there is no way through which you can integrate this 'Psloggedon.exe' utility with Active directory commands, ie, 'Get-AdUser'. • 抱歉,目前无法将此“Psloggedon.exe”实用程序与 Active Directory 命令(即“Get-AdUser”)集成。 But you can retrieve the details of currently logged on users on different computers in the network remotely by executing the below powershell function: -但是您可以通过执行以下 powershell function 远程检索网络中不同计算机上当前登录用户的详细信息:-
‘ function Get-LoggedOnUser
{
[CmdletBinding()]
param
(
[Parameter()]
[ValidateScript({ Test-Connection -ComputerName $_ -Quiet -Count 1 })]
[ValidateNotNullOrEmpty()]
[string[]]$ComputerName = $env:COMPUTERNAME
)
foreach ($comp in $ComputerName)
{
$output = @{ 'ComputerName' = $comp }
$output.UserName = (Get-WmiObject -Class win32_computersystem -ComputerName $comp).UserName
[PSCustomObject]$output
}
} ‘
The above script will give you currently logged on users on several computer systems in the network that you pass on in place of 'COMPUTERNAME' as below.上面的脚本将为您提供当前在网络中的多个计算机系统上登录的用户,您通过这些计算机系统代替“COMPUTERNAME”,如下所示。 Please note that you must give a list of computers separated by commas when using the above script for multiple computer systems.请注意,在将上述脚本用于多个计算机系统时,您必须提供以逗号分隔的计算机列表。
If you have AD in your environment, then you can check the Domain Controller logs to see when an Active Directory user account logs on and it will also tell the machine that the user is logged onto.如果您的环境中有 AD,那么您可以检查域 Controller 日志以查看 Active Directory 用户帐户何时登录,它还会告诉机器该用户已登录。 Refer the below links for more on this: -有关更多信息,请参阅以下链接:-
http://technet.microsoft.com/en-us/library/cc787176(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc787176(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb742435.aspx http://technet.microsoft.com/en-us/library/bb742435.aspx
http://www.windowsecurity.com/articles/deciphering-authentication-events-domain-controllers.html http://www.windowsecurity.com/articles/deciphering-authentication-events-domain-controllers.html
Also, find the below link for more information and reference on the above: -此外,找到以下链接以获取更多信息和上述参考:-
https://4sysops.com/archives/how-to-find-a-logged-in-user-remotely-using-powershell/ https://4sysops.com/archives/how-to-find-a-logged-in-user-remotely-using-powershell/
Powershell script to see currently logged in users (domain and machine) + status (active, idle, away) Powershell 脚本查看当前登录的用户(域和机器)+ 状态(活动、空闲、离开)
解决方案2
0 2021-12-31 04:12:59
You would use PowerShell's Get-ADComputer to do this job, not Get-ADUser .您将使用 PowerShell 的Get-ADComputer来完成这项工作,而不是Get-ADUser 。 Here's a script which does all this work for you.这是一个为您完成所有这些工作的脚本。 The below mainly lifted from the public domain here and only slightly modified.以下内容主要来自这里的公共领域,仅稍作修改。 It pulls and pipes all AD domain computers into C:\Computers.txt, then PS-remotes into each computer in that list to find the logged in, interactive user, and their last login date.它将所有 AD 域计算机拉入并通过管道传输到 C:\Computers.txt,然后 PS 远程访问该列表中的每台计算机,以查找登录的交互式用户及其最后登录日期。 Gives you a report file named C:\LoggedOnResults.txt in a nice tabled format.以漂亮的表格格式为您提供名为 C:\LoggedOnResults.txt 的报告文件。
# Finds and pipes all AD domain computers into Computers.txt, then PS-remotes into each computer in the list to find the logged in, interactive user, and their last login date. Generates a report file named C:\LoggedOnResults.txt, in a nice tabled format.
# Deletes the current file C:\Computers.txt (if it exists)
$FileName = "C:\Computers.txt"
if (Test-Path $FileName) {
Remove-Item $FileName
write-host "$FileName has been deleted"
}
else {
Write-host "$FileName doesn't exist"
}
# 0. Capture all AD computers into a text file named Computers.txt
# importing dependancy, assuming it's already installed.
# Install RSAT for Windows workstation, AD DS role for Windows Server if missing
Import-Module "ActiveDirectory"
Get-ADComputer -Filter {(OperatingSystem -like "*windows*") -and (Enabled -eq "True")} | Select -Expand Name | Out-File "C:\Computers.txt"
# 1. Create scriptblock to target computer will execute
$SB = {
$explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue)
if ($explorerprocesses.Count -eq 0) {
New-Object -TypeName PSObject -Property @{
ComputerName = $env:COMPUTERNAME;
Username = [string]::Empty
LoggedOnSince = [string]::Empty
}
} else {
foreach ($i in $explorerprocesses) {
$Username = $i.GetOwner().User
$Domain = $i.GetOwner().Domain
New-Object -TypeName PSObject -Property @{
ComputerName = $env:COMPUTERNAME ;
Username = '{0}\{1}' -f $Domain,$Username ;
LoggedOnSince = ($i.ConvertToDateTime($i.CreationDate)) ;
}
}
}
} # endof scriptblock
# 2. Create an empty array to store results
$results = @()
# 3. Query target computers using PSRemoting
Get-content "C:\Computers.txt" | ForEach-Object -Process {
$computer = $_
try {
$results += Invoke-Command -ComputerName $Computer -ScriptBlock $SB -ErrorAction Stop
} catch {
Write-Warning -Message "Faild to use PSremoting on $Computer because $($_.Exception.Message)"
}
}
# 4. Display the results
$results | Select ComputerName,Username,LoggedOnSince | ft -AutoSize
# 5. Send results to a text file
$results | Select ComputerName,Username,LoggedOnSince | ft -AutoSize | Out-File -FilePath "C:\LoggedOnResults.txt"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.