如何监控的Active Directory用户登录/退出？ [英] How to monitor Active Directory user logon/logoff?

问题描述

我正在写一个简单的桌面应用程序的 C＃的显示在文本框的文本行，每当有人登录或关闭的的Active Directory 的。它注定在同一台机器上的广告的运行下的的Windows Server 2008 和的Windows Server 2003 的。到目前为止好，为的 S2008 的我已经成功地得到通过触发的 ManagementEventWatcher 每当与（事件一个事件code = 4624或事件code = 4634）被触发。

I'm writing a simple desktop application in C# that displays a line of text in a Textbox whenever someone logs on or off the Active Directory. It is destined to run on the same machine as AD, under Windows Server 2008 and Windows Server 2003. So far so good, for S2008 I've managed to get triggered by a ManagementEventWatcher whenever an event with the (EventCode = 4624 OR EventCode = 4634) is triggered.

下面是我目前使用WMI查询：

Here is the WMI query I am currently using:

SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance isa "Win32_NTLogEvent" AND (TargetInstance.EventCode = '4624' OR TargetInstance.EventCode = '4634')

然后我解析 eventArgs.Properties [TargetInstance]属性[信息] 寻找客户端的用户和IP地址。

and then I am parsing eventArgs.Properties["TargetInstance"].Properties["Message"] looking for the User and IP address of the client.

奇怪的是，即使当用户注销时，我仍然只能得到一个事件，事件code 4624.什么是发生于4634的事件？我如何赶上注销？

The odd thing is that even when a user logs off, I still only get one event with EventCode 4624. What is happening to the 4634 event? How do I catch logoffs?

（我也在寻找一个变通的SU：如何获得的应用程序通过任务计划推出的活动信息）

(I'm also looking for a work-around on SU: How to get event info in application launched by Task Scheduler?)

推荐答案

在的Windows Server 2008 的机器开始表现得像是只有几个小时的正常工作时间后。重新引导解决了这一问题。这只是一种直觉，但它可能已造成尝试推出我的应用程序的S2008机器上的错误太多太多次，搞乱操作系统的配置。

The Windows Server 2008 machine started behaving like that after only a few hours of uptime. A reboot fixed the problem. It is only a hunch, but it may have been caused by trying to launch my application on the S2008 machine too many times and with too many errors, messing up the operating system's configuration.

这篇关于如何监控的Active Directory用户登录/退出？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！