LDAP Query

Tutorials Win: Microsoft Windows Forum

I want to make a LDAP Query in Windows 2000 based Active Directory to get a
list of people who logs to a certain workstation an dthe total number. How do
i do this?
--
Ansy
Top

Re: LDAP Query by Richard

Richard
Thu Feb 07 04:59:17 PST 2008

Ansy wrote:

>I want to make a LDAP Query in Windows 2000 based Active Directory to get a
> list of people who logs to a certain workstation an dthe total number. How
> do
> i do this?
> --
> Ansy

Active Directory does not keep track of which users log into which
workstations. Active Directory does not even know who currently is logged
into which workstation.

I believe there is no way to determine (after the fact) how many times a
user has logged into a workstation. You might be able to tell which users
have logged into a particular computer using WMI to retrieve information on
the profiles saved on the machine.

You could use logon scripts to log the user and computer name to a shared
log file. This would allow you to tell which users logged into any
workstation, and the number of times. I have an example VBScript logon
script linked here:

http://www.rlmueller.net/Logon5.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


Top

Re: LDAP Query by Anzelem

Anzelem
Thu Feb 07 06:58:01 PST 2008


--
Ansy


"Richard Mueller [MVP]" wrote:

> Ansy wrote:
>
> >I want to make a LDAP Query in Windows 2000 based Active Directory to get a
> > list of people who logs to a certain workstation an dthe total number. How
> > do
> > i do this?
> > --
> > Ansy
>
> Active Directory does not keep track of which users log into which
> workstations. Active Directory does not even know who currently is logged
> into which workstation.
>
> I believe there is no way to determine (after the fact) how many times a
> user has logged into a workstation. You might be able to tell which users
> have logged into a particular computer using WMI to retrieve information on
> the profiles saved on the machine.
>
> You could use logon scripts to log the user and computer name to a shared
> log file. This would allow you to tell which users logged into any
> workstation, and the number of times. I have an example VBScript logon
> script linked here:
>
> http://www.rlmueller.net/Logon5.htm
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>

Oops, I think you missed me here, you can assign which workstation/computer
to log on to in the AD. On a User Profile>Properties>Account tab>LOG
ON TO button>you can specify which computer to log onto this Domain from.
In my case i did this for several users specifying certain TERMINAL SERVERS.

I now need an LDAP query to give me a list of users who logs to a certain
computer (e.g SERVER1)???
Top

Re: LDAP Query by Richard

Richard
Thu Feb 07 08:53:54 PST 2008


"Anzelem" <Anzelem@discussions.microsoft.com> wrote in message
news:408C4EC3-34FC-4067-BD3F-BFE67F92ADA9@microsoft.com...
>
> --
> Ansy
>
>
> "Richard Mueller [MVP]" wrote:
>
>> Ansy wrote:
>>
>> >I want to make a LDAP Query in Windows 2000 based Active Directory to
>> >get a
>> > list of people who logs to a certain workstation an dthe total number.
>> > How
>> > do
>> > i do this?
>> > --
>> > Ansy
>>
>> Active Directory does not keep track of which users log into which
>> workstations. Active Directory does not even know who currently is logged
>> into which workstation.
>>
>> I believe there is no way to determine (after the fact) how many times a
>> user has logged into a workstation. You might be able to tell which users
>> have logged into a particular computer using WMI to retrieve information
>> on
>> the profiles saved on the machine.
>>
>> You could use logon scripts to log the user and computer name to a shared
>> log file. This would allow you to tell which users logged into any
>> workstation, and the number of times. I have an example VBScript logon
>> script linked here:
>>
>> http://www.rlmueller.net/Logon5.htm
>>
>> --
>> Richard Mueller
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>>
>>
>
> Oops, I think you missed me here, you can assign which
> workstation/computer
> to log on to in the AD. On a User Profile>Properties>Account tab>LOG
> ON TO button>you can specify which computer to log onto this Domain from.
> In my case i did this for several users specifying certain TERMINAL
> SERVERS.
>
> I now need an LDAP query to give me a list of users who logs to a certain
> computer (e.g SERVER1)???

Oops, sorry. The attribute is userWorkstations. The value is a comma
delimited list of workstation NetBIOS names. A query for all users that have
a specified workstation ("TestComputer" in this example) specified in their
userWorkstations attribute would be:

(userWorkstations=*TestComputer*)

You need the * wildcard character on both ends. The query may be slow, but
should work. You should be able to use this query in ADUC, View, Filter
Options..., Create custom filter, Customize..., Advanced, and enter the
above LDAP filter. Otherwise, the filter can be used with command line
utilities like adfind or dsquery. To use the filter with ADO in a VBScript
program, see this link:

http://www.rlmueller.net/ADOSearchTips.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


Top