Is it possible to query a list of IP addresses (or machine names) of domain computers that a domain user is currently logged into?
是否可以查询域用户当前登录的域计算机的IP地址(或计算机名称)列表?
The question "Getting logged on user’s name with or without domain in Windows" comes close, only I want to find the opposite.
“在Windows中使用或不使用域登录用户名”这一问题非常接近,只是我想找到相反的结果。
I ask about the possibility due to my lack of knowledge concerning the internals of Active Directory. My gut feeling is that Active Directory only knows when (and possibly where) a domain user was last authenticated, and doesn't track current sessions or log-offs.
由于我对Active Directory内部缺乏了解,我想到了这种可能性。我的直觉是,Active Directory只知道域用户上次验证的时间(以及可能的位置),并且不会跟踪当前会话或注销。
Any language that provides this solution will be an acceptable answer, but a .NET solution is preferred. More importantly, I'd like to know if this is even possible.
提供此解决方案的任何语言都是可接受的答案,但首选.NET解决方案。更重要的是,我想知道这是否可行。
1 个解决方案
#1
I don't believe that there is a one place inwhich this information can be obtained. You can find out the last time a user logged on and what DC authenticated from AD, but the problem is that when you login the first DC to respond is the server which authenticates with. that DC then logs this info to its eventlog, which resides on each host and not in a central system. You can see more about this from these to links: http://support.microsoft.com/kb/175062 and http://www.tartoos.com/HomePage/Rtable/ComputerSchool/Networking/Net41.htm SO that being said I guess you could get the last login from the lastLogonTimestamp AD property from the user account and then query the eventlog from all of the DC's in the domain to find out which DC it was that authenticated them and from what system. BUt all of this will only tell the last lgged on system....not all of teh systems that they could be logged into. Again you could compare these results to the logoff times which can be pulled from the DC eventlogs...but really this seems to be a major overkill endevor, and that you would have better luck writing a logon/logoff script which had these events logged to a central reporting system which you could use for future use.
我不相信有一个地方可以获得这些信息。您可以找到用户上次登录的时间以及从AD验证的DC,但问题是当您登录第一个要响应的DC时,是通过身份验证的服务器。 DC然后将此信息记录到其事件日志中,该事件日志驻留在每个主机上,而不是驻留在*系统中。您可以从这些链接中查看更多相关信息:http://support.microsoft.com/kb/175062和http://www.tartoos.com/HomePage/Rtable/ComputerSchool/Networking/Net41.htm所以说的话我猜你可以从用户帐户中获取lastLogonTimestamp AD属性的最后一次登录,然后从域中的所有DC查询事件日志,找出哪个DC验证了它们以及从哪个系统进行身份验证。所有这些只会告诉最后一个系统....而不是所有系统都可以登录。再次,您可以将这些结果与可以从DC事件日志中提取的注销时间进行比较......但实际上这似乎是一个主要的过度杀伤力,并且您可以更好地编写记录这些事件的登录/注销脚本到*报告系统,您可以将其用于将来使用。
Here is another alternative, you can query your WINS server to poll the logon information that it has for a user, which should return back the system inwhich it believes they logged into, see this post for how to do this:
这是另一种选择,您可以查询您的WINS服务器以轮询它为用户提供的登录信息,该信息应该返回它认为已登录的系统,请参阅此帖子以了解如何执行此操作:
http://www.visualbasicscript.com/m_56230/tm.htm
basically the command is: "NETSH WINS SERVER \\WinsServerName SHOW NAME UserName 03"
基本上命令是:“NETSH WINS SERVER \\ WinsServerName SHOW NAME UserName 03”
if you are using some sort of asset/system management software such as Desktop Authority, Altiris, etc. then you may have more luck exploring where the desktop agents log this information because they usually log this information also into some SQL table(s).
如果您正在使用某种资产/系统管理软件,例如Desktop Authority,Altiris等,那么您可以更好地探索桌面代理记录此信息的位置,因为它们通常也会将此信息记录到某些SQL表中。
#1
I don't believe that there is a one place inwhich this information can be obtained. You can find out the last time a user logged on and what DC authenticated from AD, but the problem is that when you login the first DC to respond is the server which authenticates with. that DC then logs this info to its eventlog, which resides on each host and not in a central system. You can see more about this from these to links: http://support.microsoft.com/kb/175062 and http://www.tartoos.com/HomePage/Rtable/ComputerSchool/Networking/Net41.htm SO that being said I guess you could get the last login from the lastLogonTimestamp AD property from the user account and then query the eventlog from all of the DC's in the domain to find out which DC it was that authenticated them and from what system. BUt all of this will only tell the last lgged on system....not all of teh systems that they could be logged into. Again you could compare these results to the logoff times which can be pulled from the DC eventlogs...but really this seems to be a major overkill endevor, and that you would have better luck writing a logon/logoff script which had these events logged to a central reporting system which you could use for future use.
我不相信有一个地方可以获得这些信息。您可以找到用户上次登录的时间以及从AD验证的DC,但问题是当您登录第一个要响应的DC时,是通过身份验证的服务器。 DC然后将此信息记录到其事件日志中,该事件日志驻留在每个主机上,而不是驻留在*系统中。您可以从这些链接中查看更多相关信息:http://support.microsoft.com/kb/175062和http://www.tartoos.com/HomePage/Rtable/ComputerSchool/Networking/Net41.htm所以说的话我猜你可以从用户帐户中获取lastLogonTimestamp AD属性的最后一次登录,然后从域中的所有DC查询事件日志,找出哪个DC验证了它们以及从哪个系统进行身份验证。所有这些只会告诉最后一个系统....而不是所有系统都可以登录。再次,您可以将这些结果与可以从DC事件日志中提取的注销时间进行比较......但实际上这似乎是一个主要的过度杀伤力,并且您可以更好地编写记录这些事件的登录/注销脚本到*报告系统,您可以将其用于将来使用。
Here is another alternative, you can query your WINS server to poll the logon information that it has for a user, which should return back the system inwhich it believes they logged into, see this post for how to do this:
这是另一种选择,您可以查询您的WINS服务器以轮询它为用户提供的登录信息,该信息应该返回它认为已登录的系统,请参阅此帖子以了解如何执行此操作:
http://www.visualbasicscript.com/m_56230/tm.htm
basically the command is: "NETSH WINS SERVER \\WinsServerName SHOW NAME UserName 03"
基本上命令是:“NETSH WINS SERVER \\ WinsServerName SHOW NAME UserName 03”
if you are using some sort of asset/system management software such as Desktop Authority, Altiris, etc. then you may have more luck exploring where the desktop agents log this information because they usually log this information also into some SQL table(s).
如果您正在使用某种资产/系统管理软件,例如Desktop Authority,Altiris等,那么您可以更好地探索桌面代理记录此信息的位置,因为它们通常也会将此信息记录到某些SQL表中。