2

I'm trying to find out on what workstation the user is loged in at the time. I haven't found a way yet. Is this even possible? I have a username and want to get his current workstation.

I have domainadmin permissions and the client is in a domain. Using Powershell v5.

Fahad Sadah
  • 1,496
  • 11
  • 21
seyo -IV
  • 43
  • 7
  • do you have something like SCCM? i recall that it keeps track of that. the only other ways i can think of would be to query your DCs and look in the event log to see where the login cam from OR query every system looking to see where there are. – Lee_Dailey Apr 12 '19 at 12:47
  • Okay many suggestions. But the logonscript is no solution for me. – seyo -IV Apr 12 '19 at 14:06

1 Answers1

0

To determine which workstation a user logs in from you would need to scan the security event log on each domain controller. There is 3rd party software that can do this for you and aggregate it, but you would spend a lot of time trying to do this manually.

To start with you will need to increase the log size of your security logs on the domain controllers so they can store the logs until you have time to scan them. These 3rd party applications do this scan on a scheduled basis and you usually size the log big enough to give the application time to complete the scan before events get overwritten. Depending on the size of your environment you could be scanning logs once a day or every hour.

In short, there is no field in Active Directory that stores this information. Even the last logon time field is unique to a User Object on each Domain Controller.

Tim Liston
  • 696
  • 3
  • 8