是否有可能来查询IP的域用户当前登录到域的计算机的地址（或机器名）的列表？

Is it possible to query a list of IP addresses (or machine names) of domain computers that a domain user is currently logged into?

问题"Getting登录带或不带Windows域用户名接近，只是我想找到相反的。

The question "Getting logged on user’s name with or without domain in Windows" comes close, only I want to find the opposite.

我问的可能是由于我的有关活动目录的内部知识的缺乏。我的直觉是，活动目录只知道什么时候（以及可能的地方）的域用户的最后验证，不跟踪当前会话或登录取舍。

I ask about the possibility due to my lack of knowledge concerning the internals of Active Directory. My gut feeling is that Active Directory only knows when (and possibly where) a domain user was last authenticated, and doesn't track current sessions or log-offs.

这提供了这种解决方案将是一个可以接受的答案，但是.NET解决方案是preferred任何语言。更重要的是，我想知道这是有可能的。

Any language that provides this solution will be an acceptable answer, but a .NET solution is preferred. More importantly, I'd like to know if this is even possible.

推荐答案

我不相信有一个地方inwhich可以得到这些信息。你可以找出最后一次用户登录并从什么AD DC进行身份验证，但问题是，当你首次登录DC响应是与认证服务器。该DC然后记录这个信息到事件日志，它驻留在每个主机，而不是在一个中央系统。你可以看到更多关于这从这些来链接： http://support.microsoft.com/kb/175062 和 http://www.tartoos.com/HomePage/Rtable/ComputerSchool/Networking /Net41.htm ，以便他这样说我想你可以从用户的帐户从AD的lastLogonTimestamp属性中的上次登录，然后从所有的DC的域中查询的事件日志，找出它是哪个DC验证他们从什么系统。但所有这一切只会告诉系统在过去lgged ....不是所有德的系统，他们可以登录到的。同样，你可以对比这些结果的退出时间可从DC eventlogs拉......但是真的，这似乎是一个主要的矫枉过正endevor，那你将有更好的运气写一个登录/注销脚本，有这些事件记录到中央报告系统，该系统可以使用供将来使用。

I don't believe that there is a one place inwhich this information can be obtained. You can find out the last time a user logged on and what DC authenticated from AD, but the problem is that when you login the first DC to respond is the server which authenticates with. that DC then logs this info to its eventlog, which resides on each host and not in a central system. You can see more about this from these to links: http://support.microsoft.com/kb/175062 and http://www.tartoos.com/HomePage/Rtable/ComputerSchool/Networking/Net41.htm SO that being said I guess you could get the last login from the lastLogonTimestamp AD property from the user account and then query the eventlog from all of the DC's in the domain to find out which DC it was that authenticated them and from what system. BUt all of this will only tell the last lgged on system....not all of teh systems that they could be logged into. Again you could compare these results to the logoff times which can be pulled from the DC eventlogs...but really this seems to be a major overkill endevor, and that you would have better luck writing a logon/logoff script which had these events logged to a central reporting system which you could use for future use.

下面是另一种选择，你可以查询WINS服务器轮询，它有一个用户，它应该返回系统inwhich它相信他们登录到登录信息，看到这个帖子了如何做到这一点：

Here is another alternative, you can query your WINS server to poll the logon information that it has for a user, which should return back the system inwhich it believes they logged into, see this post for how to do this:

http://www.visualbasicscript.com/m_56230/tm.htm

基本命令是：NETSH WINS服务器\\ WinsServerName SHOW名username 03

如果您正在使用某种形式的资产/系统管理软件，如桌面管理局，Altiris公司，等等，那么你可能有更多的运气探索那里的桌面代理记录该信息，因为它们通常也记录该信息到一些SQL表（ S）。

if you are using some sort of asset/system management software such as Desktop Authority, Altiris, etc. then you may have more luck exploring where the desktop agents log this information because they usually log this information also into some SQL table(s).