Powershell用户列表和他们登上的主机

3 回答

• 1

  你可以使用wmi函数

  Get-WmiObject -Class Win32_ComputerSystem -ComputerName "computersname" | Select-Object Name,Username
  

  回复于 2024-04-24T03:42:52+08:00
• 1

  我需要从Active Directory生成用户列表和他们登录的计算机 .

  此信息不存储在Active Directory中 . 您可以使用Active Directory审核来检索此信息 . 否则，您需要轮询每个工作站 .

  回复于 2024-04-24T03:42:52+08:00
• 1

  这是一种获得你想要的东西的方法 . 当机器在线时，您必须针对AD-Computer对象运行此操作，并捕获您无法访问的计算机的名称 . 这样的东西......

  #grab the DN of the OU where your computer objects are located...
      $OU = ("OU=Computers,DC=domain,DC=com")
  
      #put your filtered results in $computers (I filtered for Enabled objects)...
      $computers = @()
  
      ForEach ($O in $OU) {
  
          $computers += Get-ADComputer -SearchBase $O -filter 'Enabled -eq "True"' -Properties CN,distinguishedname,lastLogonTimeStamp | Select-Object CN,distinguishedname,lastLogonTimeStamp
  
      }
  
      #instantiate some arrays to catch your results
      #collected user info
      $userInfo = @()
      #computers you cannot ping
      $offline = @()
      #computers you can ping but cannot establish WinRM connection
      $winRmIssue = @()
  
      #iterate over $computers list to get user info on each...
      ForEach ($computer in $computers) {
  
      #filter out System account SIDs
      $WQLFilter = "NOT SID = 'S-1-5-18' AND NOT SID = 'S-1-5-19' AND NOT SID = 'S-1-5-20'" 
  
      $WQLFilter = $WQLFilter + " AND NOT SID = `'$FilterSID`'"
  
      #set number of login events to grab
      $newest = 20     
  
          #attempt to ping computer once by name. return 'true' is success...
          if (Test-Connection -ComputerName $computer.CN -Count 1 -ErrorAction Stop -Quiet) {
  
          #if ping is true, try to get some info...
              Try {
  
          #currently logged in user...
                  $user = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer.CN | select -ExpandProperty username
  
          #the most commonly logged in user, based on the past 20 log-ins...
                  $UserProperty = @{n="User";e={((New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])).ToString()}}
                  $logs = Get-EventLog System -Source Microsoft-Windows-Winlogon -ComputerName $computer.CN -newest $newest | select $UserProperty
                  $freqent = $logs | Group User | Sort-Object Count | Select -First 1 | Select-Object -ExpandProperty Name
  
                  }
  
          #catch any connection issues...
              Catch {
  
                  $cantInvoke = [pscustomobject][ordered]@{
  
                  'Computer' = $computer.CN
                  'Message' = "Could not Invoke-Command. Probably a WinRM issue."            
  
                  }
  
                  $winRMIssue += $cantInvoke
  
                  }
  
          #custom psobject of gathered user info...
              $userInfoObj = New-Object psobject -Property ([ordered]@{
  
                  'Computer' = $computer.CN
                  'LoggedInUser' = $user
                  'mostCommonUser' = $frequent            
  
                  })
  
                      $userInfo += $userInfoObj
  
                  }
  
          #if you could not ping the computer, gather that info here in a custom object...               
          else {
  
               $noPing = [pscustomobject][ordered]@{
  
               'Computer' = $computer.CN
               'DN' = $computer.distinguishedname
               'lastLogonDate' = [datetime]::FromFileTime($computer.lastLogonTimeStamp).toShortDateString()
  
               }
  
               $offline += $noPing
  
               }
  
   #then kick out the results to csv
  $userInfo | Sort-Object Computer | export-csv -Path c:\path\file.csv -NoTypeInformation
  
  $offline | Sort-Object lastLogonDate | export-csv -Path c:\path.file2csv -NoTypeInformation
  
  $winRmIssue | Sort-Object Computer | export-csv -Path c:\path\file3.csv -NoTypeInformation
  

  回复于 2024-04-24T03:42:52+08:00