Determine Who is Currently Logged on to Domain and with which Client - TechNet Articles - United States (English) - TechNet Wiki

Sometimes we just need to find where a user is, or on which client a user has logged on.
There are many ways to do this, such as scripts or third-party tools.
But I use another method. Remember, in this method I do not need




2- Create a New Delegation in your current zone (my new delegation name is Users). Right-click your zone (my zone name is Contoso.com) and select New Delegation.



3- On the Welcome to the New Delegation Wizard page, click Next.



4- On the Delegated Domain Name page, type your delegated domain name (in my case Users).



5- On Name Servers page, select Add.



6- Add your DNS server (in my case DC.Contoso.com with IP address 192.168.0.1), then click Next.



7- On Completing the New Delegation Wizard page, click Finish.



8- Now you can see the new delegation name.



9- Now we create a new zone (in my case, the new zone name is Users.Contoso.com).

10- Right-click Forward Lookup Zones and select New Zone.



11- On the Welcome to the New Zone Wizard page, click Next.



12- On Zone Type page, select Primary zone, then select Store the zone in Active Directory (available only if DNS server is a writeable domain controller), then click Next.



13- On Active Directory Zone Replication Scope page, select To all DNS servers running on domain controllers in this domain: (in my case domain name is Contoso.com), then select Next.



14- On the Zone Name page, type your zone name (in my case Users.Contoso.com), then select Next.



15- On Dynamic Update page, select Allow only secure dynamic updates, then select Next.



16- On the Completing the New Zone Wizard page, check your settings, then click Finish.



17- You can see your new zone name in the DNS console (in my case Users.Contoso.com).



18- Now I create batch files that use dnscmd.exe: a logon script creates a CNAME record for every user, and a logoff script deletes that record.

19- Here is the batch file for logon (for example, DNSLogon.cmd). I use pushd and popd because I will run Dnscmd.exe from a UNC path:

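REM pushd maps the UNC script folder to a temporary drive letter so Dnscmd.exe can run from it
pushd "%~dp0"
REM Add a CNAME record named after the user that points to the client computer
Dnscmd.exe DC.Contoso.com /recordadd Users.Contoso.com %USERNAME% CNAME %COMPUTERNAME%.Contoso.com
popd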

20- Here is the batch file for logoff (for example, DNSLogoff.cmd):

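REM pushd maps the UNC script folder to a temporary drive letter so Dnscmd.exe can run from it
pushd "%~dp0"
REM Delete the user's CNAME record; /f skips the confirmation prompt
Dnscmd.exe DC.Contoso.com /recorddelete Users.Contoso.com %USERNAME% CNAME %COMPUTERNAME%.Contoso.com /f
popd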

21- But wait! Clients do not have the Dnscmd.exe command, and I will not copy Dnscmd.exe to the clients. Instead, I copy Dnscmd.exe into the Logon and Logoff script folders.

22- Open the Group Policy Management console.

23- I edit the Default Domain Policy (but remember, in a real environment you must create a new GPO).

24- Right-click Default Domain Policy and select Edit.



25- Go to User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff).



26- Right-click Logon and select Properties.



27- Select Add, select Browse, add your batch file (dnslogon.cmd), and copy Dnscmd.exe into this folder too.





28- Click OK and close the Logon Properties window.



29- Do the same for the Logoff properties.



30- Now run GPUPDATE /FORCE on the Domain Controller.



31- Now open your DNS console again. Right-click the DNS server name and select Properties.



32- Select the Security tab, select Add, add the Users group, and set only the Read permission (again, only the Read permission).





32- Open Regedit.exe on the Domain Controller, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters, and set these registry keys:

Key: RpcAuthLevel
Value: 0x00000002

Key: MaxCacheTtl
Value: 0x00000001




Now I test whether the configuration works.

I use a Windows XP client logged on with the Ed Price (ed.price) account and a Windows 7 client logged on with the Richard Mueller (r.mueller) account (both accounts are normal domain user accounts).







Now we look at the DNS console: every user who is logged on to the domain has a CNAME record:



I ping a user name and can find which client that user is logged on to.

Ed Price uses WinXP with IP 192.168.0.25.



Or I can find which client Richard Mueller is logged on to with the NSLOOKUP command:



When a user logs off, the CNAME record is deleted automatically by the logoff batch file, so you can tell that the user is not logged on to the domain.

Now Ed Price has logged off and the CNAME record was deleted automatically.





Note: If a user did not log off correctly, the CNAME record is not deleted automatically. You must delete it manually.
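
The manual cleanup in the note can be scripted. The following is an added example, not part of the original article: it lists every CNAME record in the zone, checks each target client for its current console user, and optionally removes records that no longer match. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), clients that answer ping and accept Get-CimInstance over WinRM, and the article's names Users.Contoso.com and DC.Contoso.com; the function name Get-StaleUserCname is hypothetical.

```powershell
#Requires -Modules DnsServer
# Added example: report (and optionally remove) stale user CNAME records.
# Zone and server names are the article's; the function name is hypothetical.
function Get-StaleUserCname {
    param(
        [string]$ZoneName  = 'Users.Contoso.com',
        [string]$DnsServer = 'DC.Contoso.com',
        [switch]$Remove    # without -Remove the function only reports
    )
    $records = Get-DnsServerResourceRecord -ComputerName $DnsServer `
                   -ZoneName $ZoneName -RRType CName
    foreach ($rec in $records) {
        $user   = $rec.HostName                              # e.g. ed.price
        $client = $rec.RecordData.HostNameAlias.TrimEnd('.') # CNAME target
        $status = 'Offline'                                  # no ping reply
        if (Test-Connection -ComputerName $client -Count 1 -Quiet) {
            try {
                # Win32_ComputerSystem.UserName holds the console user as
                # DOMAIN\name and is empty for Remote Desktop-only sessions.
                $cs = Get-CimInstance -ClassName Win32_ComputerSystem `
                          -ComputerName $client -ErrorAction Stop
                if (-not $cs.UserName) {
                    $status = 'Unknown'      # nobody on the console
                } elseif (($cs.UserName -split '\\')[-1] -eq $user) {
                    $status = 'Current'
                } else {
                    $status = 'OtherUser'    # someone else is logged on
                }
            } catch {
                $status = 'Unknown'          # client up, query failed
            }
        }
        # Only records that are clearly wrong are removed; Unknown is kept.
        $stale = $status -in 'Offline', 'OtherUser'
        if ($Remove -and $stale) {
            $rec | Remove-DnsServerResourceRecord -ComputerName $DnsServer `
                       -ZoneName $ZoneName -Force
        }
        [pscustomobject]@{
            User = $user; Client = $client; Status = $status
            Removed = ($Remove -and $stale)
        }
    }
}

Get-StaleUserCname | Format-Table -AutoSize
```

Run it without -Remove first and review the Status column. Clients that cannot be queried over WinRM are reported as Unknown and are never deleted.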