在域环境下,要查看那些用户已经登录在域中,用那台电登录的,一般是启用登录事件审核,然后再去安全日志中去查找,安全日志中LOG量大,查看也不方便,有没有更方便的方法呢?

一次偶然的机会,从微软一位工程师中得到一个脚本,在域控制器上新建一个TXT文件,将下面内容COPY进去,存为.VBS ,然后执行就可以查看那些用户登录在域中的那台客户端上!

' Script for getting current logged user name on Domain
strDomainName = InputBox ("Please enter the internal Domain Name:","Script for getting current logged username","yourdomain.local")
arrDomLevels = Split(strDomainName, ".")
strADsPath = "dc=" & Join(arrDomLevels, ",dc=")


Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"'

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
   "Select Name, Location from 'LDAP://"&strADsPath&"' " _
      & "Where objectClass='computer'" 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set of = oFSO.CreateTextFile("LoggedUser.txt", True, True)

Do Until objRecordSet.EOF
   On Error Resume Next
   sPC = objRecordSet.Fields("Name").Value
    of.writeline " "
 of.writeline "Machine Name: "&sPC

 
 Set objWMILocator = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & sPC & "\root\cimv2")
   
    If Err = 0 Then
       
 Set col =  objWMILocator.ExecQuery _
    ("Select * from win32_computersystem")
 
 For Each item In col
 
  
  of.writeline  "Logged User: "&item.username
  
 Next
 Set col = Nothing
 Else
 of.writeline "!!! Cant connect to "&sPC&" !!!"
 
 End If

objRecordSet.MoveNext
Loop

of.close
MsgBox "Done! Cheers!"