在域环境下,要查看那些用户已经登录在域中,用那台电脑登录的,一般是启用登录事件审核,然后再去安全日志中去查找,安全日志中LOG量大,查看也不方便,有没有更方便的方法呢?
一次偶然的机会,从微软一位工程师中得到一个脚本,在域控制器上新建一个TXT文件,将下面内容COPY进去,另存为.VBS ,然后执行就可以查看那些用户登录在域中的那台客户端上!
' Script for getting current logged user name on Domain
strDomainName = InputBox ("Please enter the internal Domain Name:","Script for getting current logged username","yourdomain.local")
arrDomLevels = Split(strDomainName, ".")
strADsPath = "dc=" & Join(arrDomLevels, ",dc=")
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"'
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://"&strADsPath&"' " _
& "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set of = oFSO.CreateTextFile("LoggedUser.txt", True, True)
Do Until objRecordSet.EOF
On Error Resume Next
sPC = objRecordSet.Fields("Name").Value
of.writeline " "
of.writeline "Machine Name: "&sPC
Set objWMILocator = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & sPC & "\root\cimv2")
If Err = 0 Then
Set col = objWMILocator.ExecQuery _
("Select * from win32_computersystem")
For Each item In col
of.writeline "Logged User: "&item.username
Next
Set col = Nothing
Else
of.writeline "!!! Cant connect to "&sPC&" !!!"
End If
objRecordSet.MoveNext
Loop
of.close
MsgBox "Done! Cheers!"
