Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, June 9, 2017 12:02 AM
i found a handy script here
https://gallery.technet.microsoft.com/scriptcenter/d46b1f3b-36a4-4a56-951b-e37815a2df0c
this is almost exactly what i want to do
But i need to feed it a slimmed down version of the data first
this is all i have so far
$Comps = Get-ADComputer -Filter { OperatingSystem -Like '*Windows Server*' } -Properties OperatingSystem | select -ExpandProperty Name
$Comps | Get-LoggedOnUser
What I am trying to figure out (no training here) is how to get that list of names filtered by:
- Servers filtered out if they have not been active within 24 hours (have alot of auto generated servers still listed in AD)
- Filter out any server that starts with certain strings .. like IP and WEB for example
- then dump that into the Get-LoggedOnUser
We have users who forget to log out of RDP on servers and then they change their password and it usually locks their account after x amount of failed login attempts .. this is my way of when i see that failed login i can run this and see
be even better if i could make it just look for a certain user name.
Any Guidance / help is greatly appreciated
All replies (4)
Friday, June 9, 2017 12:40 AM | 1 vote
help where-object -full
This will teach you how to filter data in a pipeline.
To simplify your early attempt:
Get-ADComputer -Filter { OperatingSystem -Like '*Windows Server*'} |
ForEach-Object{
Get-LoggedOnUser $_.Name
} |
Where-Object{
#state your filter requirements here
}
\(ツ)_/
Friday, June 9, 2017 12:48 AM | 1 vote
Are you asking how to filter servers by name or do you really mean users?
To filter servers by time last seen we would used"
Search-AdAccount -Computer -Inactive 1
A server that has not logged in in only 24 hours would be very hard to detect because the login times are not that accurate.
I recommend that you define the exact servers you need first by server names or roles.
Look at the objects returned and decide which properties you need to filter on.
Names can be easily filtered with a "Where-Object" filter on the name.
Where-Object ( $_.Name -notmatch 'web|IP|XXX' }
You can also restrict by OU which is usually how server roles are grouped. All Web servers in a specific sub-OU, All RDS servers in a specific sub-OU.
To do this you will need to learn Active Directory, PowerShell and the architecture of your companies AD deployment.
\(ツ)_/
Friday, June 9, 2017 6:54 AM | 1 vote
Refer to this earlier thread might helps you:
https://social.technet.microsoft.com/Forums/office/en-US/0e5e4778-99e9-40d6-9c25-14cbad64ea36/find-out-inactive-computers-based-on-server-operating-system?forum=winserverDS
Thanks,
Solutions for Active Directory to audit, monitor and manage.
Friday, June 9, 2017 11:50 AM
Hi and thanks for the help!
What I am trying to do is this
we have like 200 (windows) servers on Amazon AWS
People have to change their passwords frequently
and when they do if they have not signed out of any RDP sessions they were in
The system will continually try to log them in, causing the account to get locked out.
I wanted a ps script that we could run to get a quick view of everyone that is still signed into any of the servers.
and since the first part pulls ad computers .. there are systems listed in there that are no longer active, i thought something that would just check if it have been on/used recently would remove the old orphaned systems that are no longer on.
plus we have systems that are autoscale .. they create and delete like crazy .. not worrried about those .. thats where the filtering out -notlike IP* or WEB* came in
I am new to power shell but Love to learn, so thanks for the help!.