OK I have over 500 desktops in my company and can confirm from the lastlogontimestamp which ones are active and which ones are not – so far so good. I now need to know who was the last user to log on to the active ones & ideally get this info from Active Directory.
The desktops are scattered round a campus and might be logged on to only once a month etc. So instead of writing a script that runs at logon to identify the user etc etc, I'd rather get the info from a AD if possible. That way I dont have to wait another month for the unknown pc's to be switched on and then for the user to logon and run my script. If the PC's were left turned on I would be able to interrogate them directly etc etc. But aside from the infrequent use, they are off most of the time. Identifying the user would help me identify where the PC is located etc etc.
I suspect the information is not held within AD simply because I have searched and searched and cant find it but there is no harm in asking. Its a Windows 2008 network with XP & win 7 systems – thanks
Best Answer
You might be able to do this with the “audit account logon events" enabled on your domain controllers. Then, you could look at the "Account Logon" events on your domain controllers and search for specific entries to match the users / computers you are looking for. If you need to pool together entries from various domain controllers, you could subscribe to the events from your admin workstation.
I believe a tool like Splunk could be used for the event monitoring too.