[英]How can I get psloggedon to pull from Active Directory?
get-content 'C:\assets.txt' | % {
$computer = $_
. 'c:\PSTools\PsLoggedon.exe' -accepteula -l -x \\$Computer 3>$null |
? {$_ -match '^\s{2,}((?<domain>\w+)\\(?<user>\S+))'} |
Select-Object `
@{n='Computer';e={$Computer}},
@{n='Domain';e={$matches.Domain}},
@{n='User';e={$Matches.User}} |
? user -notmatch '^Connecting$|^Users$|^NT$'
}
這就是我用來獲取所有當前登錄的計算機的方法。 有沒有辦法可以將它與 Get-ADUser 結合起來,這樣我就可以直接從 AD 中提取而不是從 txt 文檔中提取?
• 抱歉,目前無法將此“Psloggedon.exe”實用程序與 Active Directory 命令(即“Get-AdUser”)集成。 但是您可以通過執行以下 powershell function 遠程檢索網絡中不同計算機上當前登錄用戶的詳細信息:-
‘ function Get-LoggedOnUser
{
[CmdletBinding()]
param
(
[Parameter()]
[ValidateScript({ Test-Connection -ComputerName $_ -Quiet -Count 1 })]
[ValidateNotNullOrEmpty()]
[string[]]$ComputerName = $env:COMPUTERNAME
)
foreach ($comp in $ComputerName)
{
$output = @{ 'ComputerName' = $comp }
$output.UserName = (Get-WmiObject -Class win32_computersystem -ComputerName $comp).UserName
[PSCustomObject]$output
}
} ‘
上面的腳本將為您提供當前在網絡中的多個計算機系統上登錄的用戶,您通過這些計算機系統代替“COMPUTERNAME”,如下所示。 請注意,在將上述腳本用於多個計算機系統時,您必須提供以逗號分隔的計算機列表。
如果您的環境中有 AD,那么您可以檢查域 Controller 日志以查看 Active Directory 用戶帳戶何時登錄,它還會告訴機器該用戶已登錄。 有關更多信息,請參閱以下鏈接:-
http://technet.microsoft.com/en-us/library/cc787176(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb742435.aspx
http://www.windowsecurity.com/articles/deciphering-authentication-events-domain-controllers.html
此外,找到以下鏈接以獲取更多信息和上述參考:-
https://4sysops.com/archives/how-to-find-a-logged-in-user-remotely-using-powershell/
您將使用 PowerShell 的Get-ADComputer來完成這項工作,而不是Get-ADUser 。 這是一個為您完成所有這些工作的腳本。 以下內容主要來自這里的公共領域,僅稍作修改。 它將所有 AD 域計算機拉入並通過管道傳輸到 C:\Computers.txt,然后 PS 遠程訪問該列表中的每台計算機,以查找登錄的交互式用戶及其最后登錄日期。 以漂亮的表格格式為您提供名為 C:\LoggedOnResults.txt 的報告文件。
# Finds and pipes all AD domain computers into Computers.txt, then PS-remotes into each computer in the list to find the logged in, interactive user, and their last login date. Generates a report file named C:\LoggedOnResults.txt, in a nice tabled format.
# Deletes the current file C:\Computers.txt (if it exists)
$FileName = "C:\Computers.txt"
if (Test-Path $FileName) {
Remove-Item $FileName
write-host "$FileName has been deleted"
}
else {
Write-host "$FileName doesn't exist"
}
# 0. Capture all AD computers into a text file named Computers.txt
# importing dependancy, assuming it's already installed.
# Install RSAT for Windows workstation, AD DS role for Windows Server if missing
Import-Module "ActiveDirectory"
Get-ADComputer -Filter {(OperatingSystem -like "*windows*") -and (Enabled -eq "True")} | Select -Expand Name | Out-File "C:\Computers.txt"
# 1. Create scriptblock to target computer will execute
$SB = {
$explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue)
if ($explorerprocesses.Count -eq 0) {
New-Object -TypeName PSObject -Property @{
ComputerName = $env:COMPUTERNAME;
Username = [string]::Empty
LoggedOnSince = [string]::Empty
}
} else {
foreach ($i in $explorerprocesses) {
$Username = $i.GetOwner().User
$Domain = $i.GetOwner().Domain
New-Object -TypeName PSObject -Property @{
ComputerName = $env:COMPUTERNAME ;
Username = '{0}\{1}' -f $Domain,$Username ;
LoggedOnSince = ($i.ConvertToDateTime($i.CreationDate)) ;
}
}
}
} # endof scriptblock
# 2. Create an empty array to store results
$results = @()
# 3. Query target computers using PSRemoting
Get-content "C:\Computers.txt" | ForEach-Object -Process {
$computer = $_
try {
$results += Invoke-Command -ComputerName $Computer -ScriptBlock $SB -ErrorAction Stop
} catch {
Write-Warning -Message "Faild to use PSremoting on $Computer because $($_.Exception.Message)"
}
}
# 4. Display the results
$results | Select ComputerName,Username,LoggedOnSince | ft -AutoSize
# 5. Send results to a text file
$results | Select ComputerName,Username,LoggedOnSince | ft -AutoSize | Out-File -FilePath "C:\LoggedOnResults.txt"
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.