tc100years

Domain Admins last logon time audit report

I need a report showing the last logon time for all members of the Domain Admins account group. Ideally it would also include account status info (disabled/enabled, expired date..).

This shouldn't be difficult but after spending 5 hours playing with ADUC saved queries and SCOM ACS (which we have fully functional), I'm pulling my hair out. Any advice on how to get at this data easily and repeatedly?

 
Premkumar Yogeswaran

In this case you can use third-party software. Check this software:
http://www.quest.com/changeauditor-for-active-directory/

Change Auditor is the software we use in our org.
It is good and powerful software to track and audit changes in Active Directory.
This software is also used for many other purposes in AD.
http://www.quest.com/active-directory/
ASKER CERTIFIED SOLUTION
Mike Kline

This solution is only available to members.
We are using DumpSec. It is free and very easy to handle.
You can find it here:
http://www.systemtools.com/somarsoft/?somarsoft.com
tc100years

ASKER

Igpd,
How do I limit the DumpSec to just the Domain Admins group?
I did not see any filtering option, but if you select group in the available fields, you can import as a CSV file, open it in Excel and filter as you want.
Regards,
Jose
Use this script as a logon script. It will record all admin activity henceforth.

Change the UNC path.
You will get the From machine and user name and To machine also...

' Logon script: appends one line per logon to a central log file.
strLogFile = "\\sm\logs\DomainAdminLogonActivity.txt" ' Change this UNC path
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const intForAppending = 8
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("WScript.Shell")
' Note: this test matches only an account whose name is exactly "administrator".
If LCase(objNetwork.UserName) = "administrator" Then
	Set objFile = objFSO.OpenTextFile(strLogFile, intForAppending, True)
	If Left(UCase(objShell.ExpandEnvironmentStrings("%SESSIONNAME%")), 3) = "RDP" Then
		' RDP session: log the client (From) machine, the target (To) machine, the user,
		' and the user logged on at the client's console.
		objFile.WriteLine Now & vbTab & objShell.ExpandEnvironmentStrings("%CLIENTNAME%") & " accessed " & objNetwork.ComputerName & vbTab & objNetwork.UserName & vbTab & GetConsoleUser(objShell.ExpandEnvironmentStrings("%CLIENTNAME%"))
	Else
		' Console logon: log the machine and the user.
		objFile.WriteLine Now & vbTab & objNetwork.ComputerName & vbTab & objNetwork.UserName
	End If
	' Release the log file handle.
	objFile.Close
End If
 
Function GetConsoleUser(strComputer)
	' Returns name of user logged on to console 
	' If no users are logged on, returns "" 
	On Error Resume Next
	' Query the remote machine over WMI for the owner of explorer.exe.
	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	Set colProc = objWMIService.ExecQuery("Select Name from Win32_Process Where Name='explorer.exe'") 
	strConsoleUser = ""
	For Each objProcess In colProc 
		lngReturn = objProcess.GetOwner(strUser, strDomain) 
		If lngReturn = 0 Then 
			strConsoleUser = strUser
		End If
	Next
	' Any WMI failure (host unreachable, access denied) is reported as <ERROR>.
	If Err.Number <> 0 Then strConsoleUser = "<ERROR>"
	Err.Clear
	On Error GoTo 0
	GetConsoleUser = strConsoleUser
End Function

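The report asked for in the question, as an added example that is not from any poster in this thread: a PowerShell sketch that lists every Domain Admins member with account status and last logon. It assumes the RSAT ActiveDirectory module and read access to every domain controller; the output file name is a placeholder. `LastLogonDate` comes from the replicated `lastLogonTimestamp` attribute, which can lag by up to about two weeks, so the script also reads the non-replicated `lastLogon` attribute from each DC and keeps the newest value.

```powershell
# Added example: requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$group   = 'Domain Admins'
$outFile = '.\DomainAdmins-LastLogon.csv'   # assumed output path, change as needed
$props   = 'Enabled','LockedOut','AccountExpirationDate','PasswordLastSet','LastLogonDate'

# lastLogon is stored per DC and never replicated, so every DC must be asked.
$dcs = (Get-ADDomainController -Filter *).HostName

# -Recursive flattens nested groups so indirect members are included.
$members = Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

$report = foreach ($m in $members) {
    $u = Get-ADUser -Identity $m.distinguishedName -Properties $props

    # Keep the newest lastLogon value seen on any DC (0 or empty means never).
    $newest   = [int64]0
    $newestDc = $null
    foreach ($dc in $dcs) {
        try {
            $v = (Get-ADUser -Identity $u.DistinguishedName -Server $dc `
                    -Properties lastLogon -ErrorAction Stop).lastLogon
            if ($v -gt $newest) { $newest = $v; $newestDc = $dc }
        } catch {
            Write-Warning "Could not query $dc for $($u.SamAccountName): $_"
        }
    }

    [pscustomobject]@{
        SamAccountName        = $u.SamAccountName
        Enabled               = $u.Enabled
        LockedOut             = $u.LockedOut
        AccountExpirationDate = $u.AccountExpirationDate
        PasswordLastSet       = $u.PasswordLastSet
        LastLogonReplicated   = $u.LastLogonDate
        LastLogonExact        = if ($newest -gt 0) { [DateTime]::FromFileTime($newest) } else { $null }
        LastLogonDC           = $newestDc
    }
}

$report | Sort-Object LastLogonExact | Export-Csv -Path $outFile -NoTypeInformation
$report | Format-Table -AutoSize
```

Run as a scheduled task to get the report repeatedly; enabled accounts with an empty or very old `LastLogonExact` are the stale privileged accounts to review first.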