Active AD users?

[Carlton]

I have 95% of all users logging into our AD domain. Is
there a way to tell who is logging in and who is not
without having to sift through the Event logs?
Also, is there a way to scroll a list of currently logged
in users?
Carlton.

 

[Phillip Windell]

Being "logged in" is not a constant thing. You log in and get authenticated
and receive a token key. That key is then used each time you access a
resource after that. However when no resources are being accessed nothing is
happening. You could literally unplug the network cable from the client
machine and no one would ever know the difference until the next time a
resource is requested.

It isn't like the old days of logging into a "green-screen terminal". There
is no "constant" state to be able to measure against.

 

[Steven L Umbach]

There is a free tool from SomarSoft called Dumpsec. If you use the report for
users/table you can add attributes for last logon time and logon server. If you run
this from a domain controller it will give you an idea of what is going on. The best
way to make sure users logon to the domain is to make sure that they do not have
local accounts on domain computers and are not in the local administrators group
which allows them to create local users. Keep in mind that the logon events in the
security log can be generated from non domain users using domain credentials to
access domain resources. If you audit "account logon" events for domain computers and
are finding "account logon" events in the security log on domain computers, then
users are logging onto the local computer and not the domain. Note that there is a
difference in "account logon" events and "logon" events. Only logon events will be
recorded in the security log of a domain computer if a domain users logs onto the
domain via a domain computer. In that case the "account logon" event will be recorded
in the security log of the domain controller that authenticated the user. --- Steve