Powershell cmdlet to find logged in user to a particular domain computer

    • #188713
      Participant

      Hi All,

      I am a newbie to the PowerShell realm. I am trying to extract some information from Active Directory about a domain computer. Please kindly assist me.

      I have a domain Windows 10 computer. I would like to use a PowerShell cmdlet to find out who last logged in to that computer as a domain user, or the most recent user that has logged into that particular computer. I did a Google search and found the following cmdlet, but it is giving an error:

      Cmdlet: Get-UserLogon -Computer comp45456

      error: the term get-userlogon is not recognised as the name of a cmdlet, function, script——–

      I am using this cmdlet on my Windows 10 computer with PowerShell version 5.1 and has access to Active Directory Users and Computers.

    • #188752
      Participant

      There is no such cmdlet built in. You will have to write it yourself or search for something suitable in the PowerShell Gallery or TechNet Gallery or whatever. Probably it would be helpful to learn more about Windows systems in general. The information you're after is contained in the event log of the computer.

    • #188758
      Participant

      Don't believe in handing someone an answer, so I will just say: if you use Get-Eventlog and the event ID (instance ID), I think it's 4624, you should be able to get what you need fairly easily. Use where to filter for the name you're looking for.

    • #188764
      Participant

      Please do not use Get-Eventlog anymore. Use Get-WinEvent instead.

    • #188818
      Participant

      Hi Shresh,

      I agree with Olaf. You should look into understanding the Windows OS and its components. By learning the OS, you'll be able to better understand what you'll need to do to achieve the outcome you've been tasked to do, and it will help you support the scripts you write. I recommend using a third-party logging application in the meantime so you don't have to worry about the support of it and leave that on the vendor. You could even consider using SCOM to collect event IDs of logged on users and query SCOM for a report of last logged on user.

    • #188947
      Participant

      There is no such cmdlet built in. You will have to write it yourself or search for something suitable in the PowerShell Gallery or TechNet Gallery or whatever. Probably it would be helpful to learn more about Windows systems in general. The information you're after is contained in the event log of the computer.

      Thank you Olaf for the links to important resources for learning. I already wasted a couple of hours trying to find such a cmdlet when there is no such one. I am at the moment just using basic cmdlets as a starter. I don't know about scripting.

    • #188959
      Participant

      Hi Shresh,

      I agree with Olaf. You should look into understanding the Windows OS and its components. By learning the OS, you'll be able to better understand what you'll need to do to achieve the outcome you've been tasked to do, and it will help you support the scripts you write. I recommend using a third-party logging application in the meantime so you don't have to worry about the support of it and leave that on the vendor. You could even consider using SCOM to collect event IDs of logged on users and query SCOM for a report of last logged on user.

      Thank you BenT! This computer is a domain computer and it has been idle for a couple of months in AD (confirmed from the ConnectWise tool) and is located in a different branch office. I don't have physical access to look at the event log. I just can confirm that I need to learn more about PowerShell scripting to find the necessary information as I require.

    • #188998
      Participant

      I don't have physical access to look at the event log.

      You don't need to have physical access to query the event log of a remote computer. Please read the complete help for Get-WinEvent I linked above including the examples to learn how to use it.
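
The approach the replies point to (Get-WinEvent against the remote Security log, event ID 4624), as an added example that is not part of any post in this thread. `Get-LastInteractiveLogon` and its parameters are hypothetical names; it assumes the target is online, allows remote event log access through its firewall, and that the caller may read its Security log.

```powershell
# Added example, not from the thread. Get-LastInteractiveLogon is a hypothetical name.
function Get-LastInteractiveLogon {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$MaxEvents = 2000,   # how many 4624 events to pull (newest first)
        [int]$Last = 5            # how many user logons to return
    )

    # 4624 = "An account was successfully logged on".
    # Logon types kept: 2 console, 7 unlock, 10 RDP, 11 cached domain credentials.
    $types = @{ 2 = 'Interactive'; 7 = 'Unlock'; 10 = 'RemoteInteractive'; 11 = 'CachedInteractive' }
    $query = @{
        ComputerName    = $ComputerName
        FilterHashtable = @{ LogName = 'Security'; Id = 4624 }
        MaxEvents       = $MaxEvents
        ErrorAction     = 'Stop'
    }

    try {
        $events = Get-WinEvent @query
    } catch {
        # Offline host, blocked firewall, missing rights, or no matching events all land here.
        Write-Warning "Could not read Security log on ${ComputerName}: $($_.Exception.Message)"
        return
    }

    $events | ForEach-Object {
        # EventData fields are named in the event XML; index them by name.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            User        = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
            LogonType   = $types[[int]$data.LogonType]   # $null for types not listed above
            Source      = $data.IpAddress
            Domain      = $data.TargetDomainName
        }
    } | Where-Object {
        # Keep human logon types; drop machine accounts (name ends in $) and the
        # built-in per-session accounts (DWM-n, UMFD-n) that also log on with type 2.
        $_.LogonType -and $_.User -notmatch '\$$' -and
        $_.Domain -notin 'Window Manager', 'Font Driver Host'
    } | Select-Object -First $Last -Property TimeCreated, User, LogonType, Source
}

# The computer name from the question:
Get-LastInteractiveLogon -ComputerName comp45456
```

The result only reaches as far back as the target's Security log retention, so an old logon may already have rolled out of the log.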
