Well, for starters...

The information is in your eventlogs on ALL the domain controllers
(collectively).

So, WMI and the Win32_Eventlog class is a good place to start (via
Win32::OLE).  

http://www.manross.net/download.aspx?file=/perl/scripts/wmi-generic.pl

C:\perl\scripts>perl wmi-Generic.pl DOMAINCONTROLLER1 Win32_NTLogEvent
-where="LogFile='Security' and EventCode=528 and
User='DOMAINNAME\\presidentofthecompany' and Type='Audit Success'"

(above == logon events but it isn't perfect for your needs as you really
want an interactive logon, not network logons -- which this also
includes) -- I believe you want a LogonType == 2, but that's not a
WQL-able filter...  You'd have to write a regex and get perl to discard
the events you don't want to see for you.

If you are looking for specific users and all the computers they have
logged in to, this would probably be the most efficient way to do it and
allow you to zero in on specific systems to target.

If instead you had your heart set on physically checking every system
(maybe because your event logs don't go back to the beginning of time..
HA-HA)  You can check to see if the user profile is still loaded on that
system via the "ProfileList" registry entry (and the existence of the
user profile in "Documents and Settings" or the "Users" dir on newer
OSes)  

However, this still won't always tell you what you need as the profile
can be deleted by scripty admins who need/want to conserve space on
those systems for people that haven't logged in for X days/months/years
and technically a computer could be removed from the domain and
reformatted without you getting to see the data you are after, first.

An easier way to do this would be to have a domain logon script that
writes info to a log file and then you can parse the list from there.
But then you would have had to start this a few years ago for you to be
able to harvest data now (and not had any errors maintaining that log
ever).  :)

HTH

Steven
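
The discard step described in the reply above, sketched in Perl as an added example (not part of the original message or of wmi-generic.pl): it parses the Message text of event 528 records, keeps only Logon Type 2, and tallies workstations per user. The message layout assumed is the Windows XP/2003 one, and sample_message, parse_logon and every sample value are constructed for illustration.

```perl
use strict;
use warnings;

# Build the Message text of a Security event 528 in the layout Windows
# XP/2003 uses. All names passed in below are constructed sample values.
sub sample_message {
    my ($user, $domain, $type, $wks) = @_;
    return join "\r\n",
        'Successful Logon:',
        "\tUser Name:\t$user",
        "\tDomain:\t\t$domain",
        "\tLogon ID:\t\t(0x0,0x1A2B3C)",
        "\tLogon Type:\t$type",
        "\tLogon Process:\tUser32",
        "\tWorkstation Name:\t$wks", '';
}

# Pull the fields needed for the filter out of one message.
sub parse_logon {
    my ($message) = @_;
    my %f;
    for my $name ('User Name', 'Domain', 'Logon Type', 'Workstation Name') {
        # [ \t]* (not \s*) keeps the match on one line, so an empty value
        # cannot swallow the following field.
        $f{$name} = $1
            if $message =~ /^[ \t]*\Q$name\E:[ \t]*([^\r\n]*?)[ \t]*\r?$/m;
    }
    return \%f;
}

my %wanted_type = (2 => 1);    # 2 = interactive logon

my @messages = (               # constructed input, not real log data
    sample_message('presidentofthecompany', 'DOMAINNAME', 2, 'WKSTN-EXEC01'),
    sample_message('presidentofthecompany', 'DOMAINNAME', 3, 'FILESRV02'),
    sample_message('presidentofthecompany', 'DOMAINNAME', 2, 'WKSTN-LOBBY'),
    sample_message('presidentofthecompany', 'DOMAINNAME', 2, ''),
);

my %seen;    # "DOMAIN\user" => { workstation => count }
for my $m (@messages) {
    my $f = parse_logon($m);
    next unless defined $f->{'Logon Type'} && $wanted_type{ $f->{'Logon Type'} };
    my $wks = length($f->{'Workstation Name'} // '') ? $f->{'Workstation Name'} : '(blank)';
    $seen{"$f->{Domain}\\$f->{'User Name'}"}{$wks}++;
}

for my $who (sort keys %seen) {
    print "$who: $_ ($seen{$who}{$_})\n" for sort keys %{ $seen{$who} };
}
```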


-----Original Message-----
From: perl-win32-users-boun...@listserv.activestate.com
[mailto:perl-win32-users-boun...@listserv.activestate.com] On Behalf Of
Barry Brevik
Sent: Monday, June 04, 2012 11:20 AM
To: perl Win32-users
Subject: help with Win32

I have both of the Roth books, but I've come up empty.

I have a need to determine which client machine a given user (or all
users) has logged into the domain from.

I'm willing to back into it by starting with all client machines. I'm
willing to process all of the machines and users in the domain if
necessary. In fact, I'm willing to jump through a fair number of hoops
to collect this information.

Does anyone out there know how to do this, or at least have an idea as
to how to do this?

Thanks in advance,

Barry Brevik

_______________________________________________
Perl-Win32-Users mailing list
Perl-Win32-Users@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs