确定是否在公元一台计算机有一个用户登录 [英] Determine if a computer in AD has a user logged in

问题描述

我想接收当前连接到AD，哪些人谁拥有用户登录到AD的所有计算机。我试着用 ComputerPrincipal 的 .LastLogon 属性，但我得到的值是完全关闭，约一个星期。

I'm trying to receive all computers that are currently connected to AD and which of them who has a user logged on to AD. I've tried with the ComputerPrincipal's .LastLogon property, but I get a value that is completely off, about a week.

我想知道哪些计算机在公元谁的availiable。有另一种方法，我可以使用？

I want to know which computers in AD who's availiable. Is there another method I can use?

PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "192.168.0.101:389", "Administrator", "XXXX");

// define a "query-by-example" principal - here, we search for a ComputerPrincipal 
ComputerPrincipal qbeComputer = new ComputerPrincipal(ctx);

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeComputer);

// find all matches
foreach (var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
    ComputerPrincipal cp = found as ComputerPrincipal;

    if (cp != null)
    {
       string computerName = cp.Name;
       DateTime? lastLogon = new DateTime();
       lastLogon = cp.LastLogon;
       DateTime convertedDate = DateTime.SpecifyKind(DateTime.Parse(cp.LastLogon.ToString()), DateTimeKind.Utc);

       var kind = convertedDate.Kind;
       DateTime dt = convertedDate.ToLocalTime();

       Response.Write(cp.Name+"   :   "+ dt.ToString()+ "<br />");
    }
 }

编辑：

我要打印出来是这样的：

I want the print-out to be like this:

计算机1：真 计算机2：假 电脑3：假 计算机4：真

Computer 1: True Computer 2: False Computer 3: False Computer 4: True

它是不可能的，如果它当前登录真实查询电脑吗？我只是需要一个布尔值，真或假。

Is it impossible to query a computer if it's currently logged on? I just need an bool, True or False.

推荐答案

您需要在森林/域中的所有域控制器查询安全事件日志，以确保用户登录某些machine.Then应使用与该工作站WMI检查用户仍处于登录状态。

You need to query security event log on all domain controller in forest/domain to make sure that user is logged on some machine.Then you should contact this workstation using WMI to check if user is still logged on.

事件可能会感兴趣的是登录事件的交互式登录类型（编号4624进行登录， 4634对于注销）。

Event you may interest are Logon events with type of interactive logon (ID 4624 for logon, 4634 for log off).

然而，当电脑连接丢失与域（笔记本电脑很常见）和用户登录过，没有域控制器将收到注​​销事件。

However, when PC lost connectivity with domain (very common for notebooks) and user logs-off, none domain controller will receive logoff event.

用户可以actualy登录无域previously创造了他的电脑帐户的本地缓存。

User can actualy logs on without domain is previously have created local cache of his account on PC.

正如有人说lastlogon和的lastLogonTimestamp不能用于可靠的方式来追踪用户登录，检查的这个和这个

As others said lastlogon and lastlogontimestamp can not be used for reliable way to track user logon, check this and this

一些例子这里

和这里和<一个更多信息 href="http://stackoverflow.com/questions/2462426/c-how-to-query-for-an-event-log-details-with-a-given-event-id">here

这篇关于确定是否在公元一台计算机有一个用户登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！