HiMoty said:Hello,
I wanted to know if i can view all currently logged user to a
specific domain (if i'm an admin of course).
Mike said:Moty,
Technically you can't.
This is because you are not logging into the Server and holding a session
live like various legacy systems that have the concept of a terminal session
on that machine.
You are actually being authenticated by the directory service, and actually
your logon authentication is can be done by any DC in the Domain.
We do log on the DC the lastLoginTimestamp for a user account and on a
native mode Server 2003 domain this attribute is replicated to all DCs in
the domain.
Torgeir Bakken (MVP) said:As far as I know, this attribute is only replicated once a week, so it
is not very useful in this type of cases I think (unless you are able
to reduce the replication time interval a lot).
marv said:Another way might be parsing the security logs on each dc for event id 540
assuming proper auditing is activated. Or do I jump to conclusions?
Isn´t there a problem basing your active users analysis on the
lastlogon/lastlogoff attributes? I mean if you´re logged on to more than
one
workstation and you logoff one workstation the lastlogoff attribute gets
updatet but still you´re a logged on user from the other workstation, huh?
marv said:Another way might be parsing the security logs on each dc for event id 540
assuming proper auditing is activated. Or do I jump to conclusions?
Isn´t there a problem basing your active users analysis on the
lastlogon/lastlogoff attributes? I mean if you´re logged on to more than
one
workstation and you logoff one workstation the lastlogoff attribute gets
updatet but still you´re a logged on user from the other workstation, huh?
Mike Brannigan said:Torgeir Bakken (MVP) said:Mike Brannigan [MSFT] wrote:
Moty,
Technically you can't.
This is because you are not logging into the Server and holding a
session
live like various legacy systems that have the concept of a terminal
session on that machine.
You are actually being authenticated by the directory service, and
actually your logon authentication is can be done by any DC in the
Domain.
We do log on the DC the lastLoginTimestamp for a user account and on a
native mode Server 2003 domain this attribute is replicated to all DCs
in
the domain.
As far as I know, this attribute is only replicated once a week, so it
is not very useful in this type of cases I think (unless you are able
to reduce the replication time interval a lot).
In which case the poster is back to parsing all DCs for both lastLogon
and
lastLogoff (both non replicated) and then doing the appropriate
calculations.
--
Regards,
Mike
--
Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no
rights
Please note I cannot respond to e-mailed questions, please use these
newsgroups
Torgeir Bakken (MVP) said:Mike Brannigan [MSFT] wrote:
Moty,
Technically you can't.
This is because you are not logging into the Server and holding a
session
live like various legacy systems that have the concept of a terminal
session on that machine.
You are actually being authenticated by the directory service, and
actually your logon authentication is can be done by any DC in the
Domain.
We do log on the DC the lastLoginTimestamp for a user account and on a
native mode Server 2003 domain this attribute is replicated to all DCs
in
the domain.
As far as I know, this attribute is only replicated once a week, so it
is not very useful in this type of cases I think (unless you are able
to reduce the replication time interval a lot).
--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.