Shulou(Shulou.com)06/02 Report--

Batch view domain user login computer information

In enterprises, there are often a variety of requirements for the collection of domain account information, such as collecting the login time of the account on which computer; or collecting information for computer hardware. It is recommended to use Bginfo for hardware collection, which is used in combination with AD group policy login script. The specific method is ignored in this article. So group policy function is very important, combined with scripts can achieve a lot of requirements, here by the way to introduce PowerShell, it is richer, more powerful, but also more practical, I hope you can in-depth understanding and learning, I believe that the future will be a necessary skill for relevant IT personnel.

This article will describe in detail how to check which computer AD users log in on and when to log in. The method is to set the domain login script to obtain login information, and then write this login information to the description field of the AD computer.

Note: the following environment is windows server 2012 R2.

1. First turn on the advanced function of AD viewing, right-click on the OU of the computer-Properties-Security-Advanced-Edit for Authenticated Users--apply to "future generations of computers"-write a description! Details of the settings are shown in the following figure.

From the image above, you can see many settings of properties in OU. For example, if you want to deny an AD user access to other OU information, you can use the security feature to right-click on the OU that prevents reading-Properties-Security-add AD users-reject-read!

2. Set the AD group policy login script for collecting information. The content of the script is as follows, and save as * .vbs:

* * *

On Error Resume Next

Set objSysInfo = CreateObject ("ADSystemInfo")

Set objComputer = GetObject ("LDAP://" & objSysInfo.ComputerName)

Set objUser = GetObject ("LDAP://" & objSysInfo.UserName)

StrCompDesc = objUser.CN

If strCompDesc "" then

ObjComputer.Description = strCompDesc & "|" & date& "& time

ObjComputer.SetInfo

End if

Set objUser = Nothing

Set objComputer = Nothing

Set objSysInfo = Nothing

* * *

3. Create a new GPO, set user configuration-Policy-windows Settings-script (login / logout)-login-add script, and link this GPO to the specified OU, which is set to global here. The steps are detailed in the picture below.

4. Run the command to force the refresh of the group policy on the AD after the setup is completed, and then log in to the client to test whether the policy is in effect.

5. Log in to win7pc1 using the AD account super, and then view the results in AD. The account number and login time information are displayed in the description.

So far, it's done.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.