LDAP Query

A

Anzelem

I want to make a LDAP Query in Windows 2000 based Active Directory to get a
list of people who logs to a certain workstation an dthe total number. How do
i do this?
 
R

Richard Mueller [MVP]

Ansy said:
I want to make a LDAP Query in Windows 2000 based Active Directory to get a
list of people who logs to a certain workstation an dthe total number. How
do
i do this?
Click to expand...

Active Directory does not keep track of which users log into which
workstations. Active Directory does not even know who currently is logged
into which workstation.

I believe there is no way to determine (after the fact) how many times a
user has logged into a workstation. You might be able to tell which users
have logged into a particular computer using WMI to retrieve information on
the profiles saved on the machine.

You could use logon scripts to log the user and computer name to a shared
log file. This would allow you to tell which users logged into any
workstation, and the number of times. I have an example VBScript logon
script linked here:

http://www.rlmueller.net/Logon5.htm
 
A

Anzelem

--
Ansy


Richard Mueller said:
Active Directory does not keep track of which users log into which
workstations. Active Directory does not even know who currently is logged
into which workstation.

I believe there is no way to determine (after the fact) how many times a
user has logged into a workstation. You might be able to tell which users
have logged into a particular computer using WMI to retrieve information on
the profiles saved on the machine.

You could use logon scripts to log the user and computer name to a shared
log file. This would allow you to tell which users logged into any
workstation, and the number of times. I have an example VBScript logon
script linked here:

http://www.rlmueller.net/Logon5.htm
Click to expand...

Oops, I think you missed me here, you can assign which workstation/computer
to log on to in the AD. On a User Profile>Properties>Account tab>LOG
ON TO button>you can specify which computer to log onto this Domain from.
In my case i did this for several users specifying certain TERMINAL SERVERS.

I now need an LDAP query to give me a list of users who logs to a certain
computer (e.g SERVER1)???
 
R

Richard Mueller [MVP]

Anzelem said:
--
Ansy




Oops, I think you missed me here, you can assign which
workstation/computer
to log on to in the AD. On a User Profile>Properties>Account tab>LOG
ON TO button>you can specify which computer to log onto this Domain from.
In my case i did this for several users specifying certain TERMINAL
SERVERS.

I now need an LDAP query to give me a list of users who logs to a certain
computer (e.g SERVER1)???
Click to expand...

Oops, sorry. The attribute is userWorkstations. The value is a comma
delimited list of workstation NetBIOS names. A query for all users that have
a specified workstation ("TestComputer" in this example) specified in their
userWorkstations attribute would be:

(userWorkstations=*TestComputer*)

You need the * wildcard character on both ends. The query may be slow, but
should work. You should be able to use this query in ADUC, View, Filter
Options..., Create custom filter, Customize..., Advanced, and enter the
above LDAP filter. Otherwise, the filter can be used with command line
utilities like adfind or dsquery. To use the filter with ADO in a VBScript
program, see this link:

http://www.rlmueller.net/ADOSearchTips.htm
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

run LDAP query agains AD-domain? 1
LDAP Queries never work 3
LDAP Query Error 1
LDAP - SetPassword-ChangePassword method 0
custom LDAP query 2
operation similar SQL's JOIN in LDAP? 4
What is LDAP command line to query entire directory ? 1
LDAP Query Policy maxpagesize 1

Top