tc100years
asked on
Domain Admins last logon time audit report
I need a report showing the last logon time for all members of the Domain Admins account group. Ideally it would also include account status info (disabled/enabled, expired date..).
This shouldn't be difficult but after spending 5 hours playing with ADUC saved queries and SCOM ACS (which we have fully functional), I'm pulling my hair out. Any advise at how to get at this data easily and repeatedly?
This shouldn't be difficult but after spending 5 hours playing with ADUC saved queries and SCOM ACS (which we have fully functional), I'm pulling my hair out. Any advise at how to get at this data easily and repeatedly?
This software is also used in many other purpose in AD
http://www.quest.com/active-directory/
http://www.quest.com/active-directory/
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
we are using dumpsec it is free and very easy to handle
you can find it here :
http://www.systemtools.com/somarsoft/?somarsoft.com
you can find it here :
http://www.systemtools.com/somarsoft/?somarsoft.com
ASKER
Igpd,
How do I limit the DumpSec to just the Domain Admins group?
How do I limit the DumpSec to just the Domain Admins group?
I did not see any filtering option, but if you select group on the available fields , you can import as csv file open on excel and filtering as you want
Regards,
Jose
Regards,
Jose
Use this script as a logon script. It will record all admin activity henceforth.
Change the UNC path\
You will get the From machine and user name and To machine also...
Change the UNC path\
You will get the From machine and user name and To machine also...
strLogFile = "\\sm\logs\DomainAdminLogonActivity.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const intForAppending = 8
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("WScript.Shell")
If LCase(objNetwork.UserName) = "administrator" Then
Set objFile = objFSO.OpenTextFile(strLogFile, intForAppending, True)
If Left(UCase(objShell.ExpandEnvironmentStrings("%SESSIONNAME%")), 3) = "RDP" Then
objFile.WriteLine Now & vbTab & objShell.ExpandEnvironmentStrings("%CLIENTNAME%") & " accessed " & objNetwork.ComputerName & vbTab & objNetwork.UserName & vbTab & GetConsoleUser(objShell.ExpandEnvironmentStrings("%CLIENTNAME%"))
Else
objFile.WriteLine Now & vbTab & objNetwork.ComputerName & vbTab & objNetwork.UserName
End If
End If
Function GetConsoleUser(strComputer)
' Returns name of user logged on to console
' If no users are logged on, returns ""
On Error Resume Next
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProc = objWMIService.ExecQuery("Select Name from Win32_Process Where Name='explorer.exe'")
strConsoleUser = ""
For Each objProcess In colProc
lngReturn = objProcess.GetOwner(strUser, strDomain)
If lngReturn = 0 Then
strConsoleUser = strUser
End If
Next
If Err.Number <> 0 Then strConsoleUser = "<ERROR>"
Err.Clear
On Error GoTo 0
GetConsoleUser = strConsoleUser
End Function
http://www.quest.com/changeauditor-for-active-directory/
Change auditor is the software useing in our org.
It is good and powerful sofware to track and audit the changes in Active directory