Monthly Archives: October 2017

Logon Script and PowerShell ADAssist Tool

If you would like to read the other parts in this blog series please go to:

  1. Logon Script and PowerShell ADAssist Tool (Part 1)
  2. PowerShell ADAssist Tool and List-ADUsers Script (Part 2)
  3. PowerShell AD User Properties Script (Part 3)
  4. Exchange – PowerShell AD User Properties Script (Part 4)

In one of my first posts, I wrote about a monthly rolling log file which contains information about users’ activity; most importantly when and where each user logs on and logs off his or her computer. In addition, I’ve encouraged you to implement this or similar script in your organization to help you tackle tracking Logon / Logoff activity in your AD environment, which is somewhat a cumbersome process to do without the scripts.

PowerShell ADAssist Tool

Here I will show you an application I use to harness stats data produced by logon/logoff scripts created with PowerShell; my goal was to provide additional tools for smooth and efficient daily administration tasks.

Honestly, almost ten years ago I created an HTA application (see picture 01) with the exact same objective but never finalized the process of rendering all those VB scripts’ functions into PowerShell scripts.

Picture 01: my HTA application created in late 2008.

Instead, in this post I’ve decided to use an idea presented on TechNet script gallery under name “LazyWinAdmin”. The result is “PowerShell ADAssist” as shown in the picture 02.

Picture 02: newly created ADAssist tool

ADAssist is a PowerShell script that generates Windows Forms (WinForms) and provides the following features:

Computer component (as shown in picture 03):

  • Verifies the connectivity and general information for selected computer
  • Provides information regarding computer’s operating system
  • Displays network configuration, update GPOs, list settings and ports
  • Queries and display services, process …

Picture 03: computer section of the ADAssist tool

User component (as shown in picture 04):

  • Displays basic user info
  • Provides list of the computer(s) used by selected user
  • Shows logon activity for selected user and selected log file
  • Launches a tool to display, manage and edit user’s attributes and membership in AD

Picture 04: user section of the ADAssist tool

It is important to note that this tool does not need stats data produced by logon/logoff scripts. You could simply type a computer’s name and click on one of the buttons displayed on the application’s tabs (General, Operating System, Network and Services-Processes). But, the option to harness logon/logoff stats data makes it an efficient Active Directory Management tool, with ability to search and manage your users and computers accounts; it is especially useful in an environment where computers exist with multiple users’ accounts and provides the following:

  • consistent and accurate view of the computers being used by the selected user
  • general information about logon sessions associated with users/computers
  • display status of computers and makes data associated with users’ profiles easily accessible

How you install/configure ADAssist?

No installation required; just download the compressed file from the download/application section of this site and extract it anywhere you want (in my example it is extracted inside C:\PSScript\AD-Assist folder).

Picture 05: Location of ADAssist application

Note the XML file named “ADassistConfigFile.xml” which is an integral part of this app. As shown in picture 06. ADAssist.ps1 script reads XML document and stores the elements’ content into the script’s variables.

Some nodes/elements (like ‘<PcOU>’) could be empty, but some, like user element ‘<UserOU>’ must have value – Distinguished Name of an OU in Active Directory that contains users’ accounts.

Picture 06: ADAssist XML configuration file

If the user element ‘<UserOU>’ in XML file is empty, upon launch of the ADAssist.ps1 script, the select OU windows form will show up to let you choose an organizational unit containing users’ accounts (see the picture 07). The selected OU’s DistinguishedName will be saved in ‘<UserOU>’ element of the ADassistConfigFile.xml file. To complete this step, once you’ve selected an OU, please click ‘OK’ button to close the form, and then on ADAssist form please click ‘Refresh User List’ button to populate drop-down users’ list.

Picture 07: this OU windows form lets you choose an OU containing users’ accounts.

Please click ’Select Log File’ button as shown in picture 08 to finalize configuration settings. In the ‘Select Logon File’ dialog box, either type the path to a file or click ‘Browse’ button to pick a folder holding a file with logon stats data and then by clicking ‘Select’ button, save the selection to the XML configuration file.

Picture 08: Select Logon file

I always use the most recent log file, actually the one being produced by logon script!!! When required to do some auditing related tasks, I use the other log files previously created by logon script.

Certainly, you can always open the ADassistConfigFile.xml file with Notepad and populate its elements with values that correspond to your Active Directory and network environment.

With these configuration settings completed, you enable ADAssist to harness stats data produced by logon/logoff scripts. The script will search the specified Log File for the selected User Name from the drop-down list and produce a list of computers used by a selected user for the period of time encompassed by a logon script.

With ADAssist you can use any log file in your environment, produced by powershell, VB script or a bat file; it is important that the log file has UserName and ComputerName combination.

For example, here is the monthly rolling Log File with name 2012-11.txt as presented in one of my posts; it is not a proper .csv file, but it has separate data fields delimited with a comma, and it does not have a header with a list of column names in the file:

LogDate, LogTime, UserName, ComputerName, Action [NOTE: column names do not exist]

2012-11-12, 11:28 AM, Alex, Halifax-01, Login

2012-11-12, 11:31 AM, Alex, Dartmouth-02, Login

2012-11-12, 11:32 AM, Alex, Halifax-01, Logoff

2012-11-12, 3:30 PM, David, Bedford-03, Logoff

2012-11-12, 3:33 PM, John, Dartmouth-04, Login

Another example could be a Log File named ‘logoninfo.txt’ which is a proper tab separated CSV file and looks as follows:

PCName                      UserName       Date

Bldg05-OC-L0208     Smith.A           2017:04:28:15:28:15

Bldg04-OA-L0081     Parker.F           2017:04:28:15:30:21

Bldg01-03-W0984      Miller.W          2017:04:28:15:30:24

Bldg05-OC-WP160    Trump.D          2017:04:28:15:32:49

To use different Log Files, you need to edit just a few lines of code in ADAssist (lines 230-238 to be specific). In the following paragraphs you can observe how script uses two cmdlets ‘Get-Content’ and ‘Import-CSV’ to  read and parse the above presented text/CSV files.

PowerShell comma delimited log file example (NOTE: this option is integrated in ADAssist):

$obj = New-Object -TypeName PSObject

Get-Content -Path $Script:logFile |

ForEach-Object {

$obj| Add-Member -Force -MemberType Noteproperty -Name "LogDate" -Value $_.Split(",")[0]

$obj| Add-Member -Force -MemberType Noteproperty -Name "LogTime" -Value $_.Split(",")[1]

$obj| Add-Member -Force -MemberType Noteproperty -Name "UserName" -Value $_.Split(",")[2]

$obj| Add-Member -Force -MemberType Noteproperty -Name "PCName" -Value $_.Split(",")[3]

$obj| Add-Member -Force -MemberType Noteproperty -Name "Action" -Value $_.Split(",")[4]

$obj| Where-Object {$_.UserName.Trim() -eq $DropDown.SelectedItem.SamAccountName}

} | Select-Object -Property PCName -Unique | 

VB Script tab separated CSV log file example:

$obj = New-Object -TypeName PSObject

Import-Csv -Delimiter "`t" -Path $Script:logFile -Header "PCName","UserName","Date"| 

Select -Property PCName, UserName, Date |

ForEach-Object {

$obj| Add-Member -Force -MemberType Noteproperty -Name "PCName" -Value $_.PCName

$obj| Add-Member -Force -MemberType Noteproperty -Name "UserName" -Value $_.UserName

$obj| Add-Member -Force -MemberType Noteproperty -Name "Date" -Value $_.Date

$obj| Where-Object {$_.UserName.Trim() -eq $DropDown.SelectedItem.SamAccountName}

} | Select-Object -Property PCName -Unique |

 How ADAssist works?

As previously stated, ADAssist app could be used just by typing a computer name in the ‘Optional – Type Computer Name’ text box and a click on one of the buttons displayed on the tool’s tabs (General, Operating System, Network and Services-Processes). The retrieved information is displayed in the RichTextbox where you have an option to copy it to the clip board or clear the content.

It is important to note that the typed-in computer’s name has precedence over a computer’s name selected in the grid view!

Most likely this tool will be used as shown in the picture 09.

Picture 09: usual ADAssist workflow

First, you will select a user name from drop-down list, then click on the ‘Run-Log File’ button to search the log file and display all computers used by a selected user for the period of time encompassed by logon stats data. If selected user has logged in and out of his/her system, the grid view will display all the computers recorded in the log file, along with their current network status and additional logon session information about other users.

The next step is to select a computer from the grid view and click on one of the buttons laid out on four tabs.

If you have clients located in different OU, but you have the same logon script, you would just click on ‘Select OU’ button and finalize the process of selecting a different OU in your Active Directory. To replace current list of users in the drop-down list with the ones in newly selected OU, please click the ‘Refresh User List’ button.

In addition to the basic information displayed for the selected user account, you could search and obtain user’s logon activity by clicking on ‘User Logon Info’ button – see picture 10. Just type the path to a log file or click ‘Browse’ button to pick a folder holding a file with logon stats data and then click ‘Run’ button to obtain user’s logon activity information.

Picture 10: unfiltered logon activity from one log file

And if you want to view additional user’s attributes or to administer selected user account, you can click on ‘Display User’ button and launch a new Windows form as shown in picture 11.

Picture 11: Administer selected user account

The next post will elaborate more on administration of user accounts in Active Directory as shown in the picture above and the current status of this ‘AD – User Properties’ form is ‘work in progress’. I have more features on the road-map and I would welcome any feature ideas / suggestions.