8.24.2016

Show User's Logged On Computer Name In Active Directory

Reference: https://community.spiceworks.com/how_to/34096-show-user-s-logged-on-computer-name-in-active-directory

I had a slight modification of this in many of the prior environments that I used to manage in Active Directory where I would have some things that would update AD property fields for better tracking and utilization. I am re-posting an article that is a great reference for the tool.

My personal links to the vb scripts:
UpdateUserDescription.vbs
DescriptionScripts.vbs

Use Active Directory to show which computer a user has logged on to with a logon script that will update the user's description field with their computer name and logon time. This will allow a system administrator to look up the user in AD to see which computer they are/were logged on to.
Note: If a user logs on to multiple computers, the description will only show the most recently logged on computer.

Steps (7 total)

1

Delegate AD permission to allow users to update their description field

In Active Directory, right-click your Domain (or the OU containing the users you want to update) and select Delegate Control. Add the SELF account, then click Next.

2

Create a custom task to delegate for User objects

Select "Create a custom task to delegate". Then select "Only the following objects in the folder" and check "User objects".

3

Give Permission to Write Description

Check "Property-specific", then check "Write Description".

4

Download the Script and add to Group Policy as Logon Script

Download the Logon Script (attachment on right).
Create or modify a Group Policy that will apply to users and add as a Logon Script.
Note: You could also copy and modify the script to update the description when a user logs off (e.g. "Logged off PCNAME at 4/14/2013 11:35:24 PM") and set it as a Logoff Script.

5

Test

Test the logon script and permissions by logging on as a user the Group Policy applies to. In Active Directory Users and Computers, check the user's description (allow time for AD replication, refresh if needed).

6

Optional: Additional scripts for logoff and Computer startup/shutdown

Here are some additional scripts to display user logoff, computer startup, and shutdown times. They come in handy for determining users and computers no longer in use (e.g. the description indicates the user logged off or the computer shut down 6 months ago). Just add the scripts to their appropriate Group Policy settings.

7

Tip: Use Find to find users or computers

Use the Find feature in Active Directory Users and Computers to search for a user account and see which computer they last logged on to.
You can also search the description field for *COMPUTERNAME* to find the user that last logged on to a specific computer.
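
As an added illustration of step 4, here is a logon script of the kind described above; it is not the script attached to the original article or the files linked at the top of this post. The description text ("Logged on to PCNAME at ...") is an assumed format modeled on the logoff example in step 4.

```vbscript
' Added example, not the original article's script.
' Assumed description format: "Logged on to <PC> at <date time>".
Option Explicit

Const EVENT_WARNING = 2   ' WshShell.LogEvent type for a warning

Dim objSysInfo, objNetwork, objShell, objUser
Dim strUserDN, strAdsPath, strDescription

Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("WScript.Network")
Set objShell   = CreateObject("WScript.Shell")

' A logon script must never block or pop up errors at logon.
On Error Resume Next

' Distinguished name of the user who is logging on.
strUserDN = objSysInfo.UserName
If Err.Number <> 0 Then
    ' DN could not be resolved (for example, no domain controller reachable).
    WScript.Quit 0
End If

' A "/" inside a DN must be escaped when used in an ADsPath.
strAdsPath = "LDAP://" & Replace(strUserDN, "/", "\/")

strDescription = "Logged on to " & objNetwork.ComputerName & " at " & Now()

' Bind to the user's own object; the SELF delegation from steps 1-3
' is what allows this write to succeed for a standard user.
Set objUser = GetObject(strAdsPath)
If Err.Number = 0 Then
    objUser.Put "description", strDescription
    objUser.SetInfo
End If

' Record failures (missing delegation, replication issues) in the
' Application event log instead of showing them to the user.
If Err.Number <> 0 Then
    objShell.LogEvent EVENT_WARNING, "Logon description update failed for " & _
        strUserDN & ": 0x" & Hex(Err.Number) & " " & Err.Description
End If

WScript.Quit 0
```

Because the write is made by the user's own account under the SELF delegation from steps 1-3, users can set this field to any value themselves, so treat it as a convenience for lookups rather than an audit record.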
