首页 文章

Powershell用户列表和他们登上的主机

提问于
浏览 1760
0

有人会有什么建议吗?我需要从Active Directory生成一个用户列表和他们登录的计算机 . 我希望得到这样的东西:

Username Hostname

user.lastname ComputerA1

到目前为止,我已经:

Enter-PSSession Import-Module ActiveDirectory Get-ADComputer -Filter * -Properties Name Get-ADuser -filter * -Properties * | export-csv'\\ AD_UserLists.csv'

这很有效 . 我可以从AD生成一个计算机列表,我可以生成一个ADUsers列表(尽管有所有用户信息) . 不幸的是,我无法将数据生成为单个CSV .

建议/忠告????

Thanx,大卫

3 回答

  • 1

    你可以使用wmi函数

    Get-WmiObject -Class Win32_ComputerSystem -ComputerName "computersname" | Select-Object Name,Username
    
  • 1

    我需要从Active Directory生成用户列表和他们登录的计算机 .

    此信息不存储在Active Directory中 . 您可以使用Active Directory审核来检索此信息 . 否则,您需要轮询每个工作站 .

  • 1

    这是一种获得你想要的东西的方法 . 当机器在线时,您必须针对AD-Computer对象运行此操作,并捕获您无法访问的计算机的名称 . 这样的东西......

    #grab the DN of the OU where your computer objects are located...
        $OU = ("OU=Computers,DC=domain,DC=com")
    
        #put your filtered results in $computers (I filtered for Enabled objects)...
        $computers = @()
    
        ForEach ($O in $OU) {
    
            $computers += Get-ADComputer -SearchBase $O -filter 'Enabled -eq "True"' -Properties CN,distinguishedname,lastLogonTimeStamp | Select-Object CN,distinguishedname,lastLogonTimeStamp
    
        }
    
        #instantiate some arrays to catch your results
        #collected user info
        $userInfo = @()
        #computers you cannot ping
        $offline = @()
        #computers you can ping but cannot establish WinRM connection
        $winRmIssue = @()
    
        #iterate over $computers list to get user info on each...
        ForEach ($computer in $computers) {
    
        #filter out System account SIDs
        $WQLFilter = "NOT SID = 'S-1-5-18' AND NOT SID = 'S-1-5-19' AND NOT SID = 'S-1-5-20'" 
    
        $WQLFilter = $WQLFilter + " AND NOT SID = `'$FilterSID`'"
    
        #set number of login events to grab
        $newest = 20     
    
            #attempt to ping computer once by name. return 'true' is success...
            if (Test-Connection -ComputerName $computer.CN -Count 1 -ErrorAction Stop -Quiet) {
    
            #if ping is true, try to get some info...
                Try {
    
            #currently logged in user...
                    $user = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer.CN | select -ExpandProperty username
    
            #the most commonly logged in user, based on the past 20 log-ins...
                    $UserProperty = @{n="User";e={((New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])).ToString()}}
                    $logs = Get-EventLog System -Source Microsoft-Windows-Winlogon -ComputerName $computer.CN -newest $newest | select $UserProperty
                    $freqent = $logs | Group User | Sort-Object Count | Select -First 1 | Select-Object -ExpandProperty Name
    
                    }
    
            #catch any connection issues...
                Catch {
    
                    $cantInvoke = [pscustomobject][ordered]@{
    
                    'Computer' = $computer.CN
                    'Message' = "Could not Invoke-Command. Probably a WinRM issue."            
    
                    }
    
                    $winRMIssue += $cantInvoke
    
                    }
    
            #custom psobject of gathered user info...
                $userInfoObj = New-Object psobject -Property ([ordered]@{
    
                    'Computer' = $computer.CN
                    'LoggedInUser' = $user
                    'mostCommonUser' = $frequent            
    
                    })
    
                        $userInfo += $userInfoObj
    
                    }
    
            #if you could not ping the computer, gather that info here in a custom object...               
            else {
    
                 $noPing = [pscustomobject][ordered]@{
    
                 'Computer' = $computer.CN
                 'DN' = $computer.distinguishedname
                 'lastLogonDate' = [datetime]::FromFileTime($computer.lastLogonTimeStamp).toShortDateString()
    
                 }
    
                 $offline += $noPing
    
                 }
    
     #then kick out the results to csv
    $userInfo | Sort-Object Computer | export-csv -Path c:\path\file.csv -NoTypeInformation
    
    $offline | Sort-Object lastLogonDate | export-csv -Path c:\path.file2csv -NoTypeInformation
    
    $winRmIssue | Sort-Object Computer | export-csv -Path c:\path\file3.csv -NoTypeInformation
    

相关问题