我正在尝试运行PowerShell脚本来查找用户在我的域上登录的所有计算机。我无法得到任何工作。我发现以下脚本将运行没有错误,但永远不会产生输出。有什么想法或建议吗?
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
$ErrorActionPreference = "SilentlyContinue"
# Retrieve Username to search for, error checks to make sure the username
# is not blank and that it exists in Active Directory
Function Get-Username {
$Global:Username = Read-Host "Enter username you want to search for"
if ($Username -eq $null) {
Write-Host "Username cannot be blank, please re-enter username!"
Get-Username
}
$UserCheck = Get-QADUser -SamAccountName $Username
if ($UserCheck -eq $null) {
Write-Host "Invalid username, please verify this is the logon id for the account"
Get-Username
}
}
get-username
$computers = Get-QADComputer | where {$_.accountisdisabled -eq $false} -searchroot '\\MyDomainName\computers'
foreach ($comp in $computers) {
$Computer = $comp.Name
$ping = new-object System.Net.NetworkInformation.Ping
$Reply = $null
$Reply = $ping.send($Computer)
if($Reply.status -like 'Success') {
#Get explorer.exe processes
$proc = gwmi win32_process -computer $Computer -Filter "Name = 'explorer.exe'"
#Search collection of processes for username
ForEach ($p in $proc) {
$temp = ($p.GetOwner()).User
if ($temp -eq $Username) {
write-host "$Username is logged on $Computer"
}
}
}
}
答案 0 :(得分:0)
我们必须登录AD服务器并查询事件ID 4624 ,从所有事件列表中搜索用户登录的历史记录。它仅显示源计算机的IP地址。在那里,我们可以使用命令 nslookup 来查找主机名。要执行此过程,需要使用编写良好的批处理文件或电源shell脚本来快速找到HOSTNAME。
答案 1 :(得分:0)
如果您不想依赖专有的 Quest.ActiveRoles.ADManagement
,PSGallery 上有一个名为 Get-ActiveUser
的原生 PowerShell 解决方案。
我们可以将我们的计算机列表提供给它,并找到用户登录的任何地方。
注意:正如其他人提到的,查询网络上的所有计算机需要很长时间。每 100 台电脑大约需要 15 分钟。检查日志的建议会更快。
# List-Computers-ByUser.ps1
#
[CmdletBinding()]
param (
# Search for user
[Parameter(Mandatory=$false,
ValueFromPipelineByPropertyName=$true,
HelpMessage="If you don't pass a name you will be prompted",
Position=0)]
[String]
$UserName,
# Choose method, WMI, CIM or Query
[Parameter(Mandatory=$false,
ValueFromPipelineByPropertyName=$true,
HelpMessage="Default set to WMI",
Position=1)]
[ValidateSet('WMI','CIM','Query')]
[String]
$Method = "Query"
)
# Retrieve Username to search for, error checks to make sure the username
# is not blank and that it exists in Active Directory
Function Get-Username([String]$UserName) {
if ([string]::IsNullOrEmpty($UserName)) {
$UserName = Read-Host "Enter username you want to search for"
}
$UserCheck = Get-ADUser -Identity $Username
if ($null -eq $UserCheck) {
Write-Debug "Invalid username, please verify this is the logon id for the account"
$UserName = Get-Username
}
return $UserName
}
$Script:UserName = Get-Username $UserName
Write-Host "Checking for PS Module Get-ActiveUser ..."
if (-not (Get-InstalledModule Get-ActiveUser -ErrorAction silentlycontinue)) {
Install-Module -Name Get-ActiveUser
}
[String]$Global:output=@()
Write-Host "Searching for username across all computers in domain. This will take a long time ..."
$adComputers = Get-ADComputer -Filter 'enabled -eq "true"' | Select-Object -ExpandProperty Name
Measure-Command {
$output = $adComputers | ForEach-Object -Parallel {
$users = Get-ActiveUser -ComputerName $_ -Method $using:Method
ForEach($activeUser in $users) {
if($activeUser.UserName -eq $UserName) {
$output+=$activeUser
Write-Output $activeUser
}
}
}
}
# Show results, all computers that user is logged in to
$output