How to find all computers a user is logged on to

Time: 2016-02-07 14:59:40

Tags: powershell

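I am trying to run a PowerShell script to find all computers that a user is logged on to on my domain. I can't get anything to work. I found the following script, which runs without errors but never produces any output. Any ideas or suggestions?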

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
$ErrorActionPreference = "SilentlyContinue"

# Retrieve Username to search for, error checks to make sure the username
# is not blank and that it exists in Active Directory

Function Get-Username {
    $Global:Username = Read-Host "Enter username you want to search for"
    if ($Username -eq $null) {
        Write-Host "Username cannot be blank, please re-enter username!"
        Get-Username
    }
    $UserCheck = Get-QADUser -SamAccountName $Username
    if ($UserCheck -eq $null) {
        Write-Host "Invalid username, please verify this is the logon id for the account"
        Get-Username
    }
}

get-username

$computers = Get-QADComputer | where {$_.accountisdisabled -eq $false} -searchroot '\\MyDomainName\computers'
foreach ($comp in $computers) {
    $Computer = $comp.Name
    $ping = new-object System.Net.NetworkInformation.Ping
    $Reply = $null
    $Reply = $ping.send($Computer)
    if($Reply.status -like 'Success') {
        #Get explorer.exe processes
        $proc = gwmi win32_process -computer $Computer -Filter "Name = 'explorer.exe'"
        #Search collection of processes for username
        ForEach ($p in $proc) {
            $temp = ($p.GetOwner()).User
            if ($temp -eq $Username) {
                write-host "$Username is logged on $Computer"
            }
        }
    }
}

2 answers:

Answer 0: (score: 0)

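We have to log on to the AD server and query event ID 4624, searching the full list of events for the user's logon history. It only shows the IP address of the source computer. From there, we can use the nslookup command to find the hostname. To carry out this process, a well-written batch file or PowerShell script is needed to find the HOSTNAME quickly.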
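The event-log approach described in this answer could be scripted as follows. This is an added example, not code from either answerer; the function names, the user-name pattern, and the `DC01` and `jdoe` values are assumptions made for illustration.

```powershell
function ConvertFrom-LogonEventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $data = @{}
    foreach ($d in ([xml]$Xml).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        User      = $data['TargetUserName']
        LogonType = $data['LogonType']                       # 2 = interactive, 3 = network, 10 = RDP
        SourceIp  = $data['IpAddress'] -replace '^::ffff:'   # strip IPv4-mapped IPv6 prefix
    }
}

function Resolve-SourceHost {
    param([string]$Ip)
    # Logons made on the DC itself carry '-', '::1' or '127.0.0.1' rather than a remote address
    if ([string]::IsNullOrEmpty($Ip) -or $Ip -in '-', '::1', '127.0.0.1') { return $null }
    try { [System.Net.Dns]::GetHostEntry($Ip).HostName } catch { $null }   # no PTR record
}

function Get-UserLogonSource {
    param(
        # Restrictive pattern (an assumption) so the name cannot break out of the XPath string
        [Parameter(Mandatory)][ValidatePattern('^[\w.\-]+$')][string]$UserName,
        [Parameter(Mandatory)][string]$DomainController,
        [int]$Days = 7
    )
    $ms = [int64]$Days * 86400000
    $xpath = "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= $ms]] and " +
             "EventData[Data[@Name='TargetUserName']='$UserName']]"
    Get-WinEvent -ComputerName $DomainController -LogName Security -FilterXPath $xpath |
        ForEach-Object { ConvertFrom-LogonEventXml $_.ToXml() |
            Add-Member -NotePropertyName Time -NotePropertyValue $_.TimeCreated -PassThru } |
        Group-Object SourceIp | ForEach-Object {
            [pscustomobject]@{
                SourceIp = $_.Name
                HostName = Resolve-SourceHost $_.Name
                Logons   = $_.Count
                LastSeen = ($_.Group | Measure-Object Time -Maximum).Maximum
            }
        }
}

# Constructed sample event (trimmed to the fields used), so the parser can be tried offline
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>
<Data Name="TargetUserName">jdoe</Data><Data Name="LogonType">3</Data>
<Data Name="IpAddress">::ffff:192.0.2.15</Data></EventData></Event>
'@
ConvertFrom-LogonEventXml $sample
# Against a real DC (DC01 is a placeholder): Get-UserLogonSource -UserName jdoe -DomainController DC01
```

Reading the Security log remotely requires the corresponding rights on the domain controller, and each DC only records the logons it authenticated, so the query has to be repeated per DC for a complete picture.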

Answer 1: (score: 0)

If you don't want to rely on the proprietary Quest.ActiveRoles.ADManagement, there is a native PowerShell solution on PSGallery called Get-ActiveUser.

We can feed our list of computers to it and find everywhere the user is logged on.

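Note: as others have mentioned, querying all computers on the network takes a long time. It takes about 15 minutes per 100 computers. The suggestion to check the logs would be faster.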

# List-Computers-ByUser.ps1
#
[CmdletBinding()]
param (
    # Search for user
    [Parameter(Mandatory=$false,
    ValueFromPipelineByPropertyName=$true,
    HelpMessage="If you don't pass a name you will be prompted",
    Position=0)]
    [String]
    $UserName,

    # Choose method, WMI, CIM or Query
    [Parameter(Mandatory=$false,
    ValueFromPipelineByPropertyName=$true,
    HelpMessage="Default set to Query",
    Position=1)]
    [ValidateSet('WMI','CIM','Query')]
    [String]
    $Method = "Query"
)

# Retrieve Username to search for, error checks to make sure the username
# is not blank and that it exists in Active Directory
Function Get-Username([String]$UserName) {
    if ([string]::IsNullOrEmpty($UserName)) {
        $UserName = Read-Host "Enter username you want to search for"
    }

    $UserCheck = Get-ADUser -Identity $Username
    if ($null -eq $UserCheck) {
        Write-Debug "Invalid username, please verify this is the logon id for the account"
        $UserName = Get-Username
    }

    return $UserName
}

$Script:UserName = Get-Username $UserName

Write-Host "Checking for PS Module Get-ActiveUser ..."
if (-not (Get-InstalledModule Get-ActiveUser -ErrorAction silentlycontinue)) {
    Install-Module -Name Get-ActiveUser 
}

# Collected matches; left untyped so the result objects are not coerced to a string
$output = @()

Write-Host "Searching for username across all computers in domain. This will take a long time ..."
$adComputers =  Get-ADComputer  -Filter 'enabled -eq "true"' | Select-Object -ExpandProperty Name
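Measure-Command {
    # ForEach-Object -Parallel requires PowerShell 7+; each iteration runs in its own
    # runspace, so outer variables must be referenced with $using:
    $output = $adComputers | ForEach-Object -Parallel {
        $users = Get-ActiveUser -ComputerName $_ -Method $using:Method
        ForEach($activeUser in $users) {
            if($activeUser.UserName -eq $using:UserName) {
                Write-Output $activeUser
            }
        }
    }
}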

# Show results, all computers that user is logged in to
$output