I'm actually looking for a way to get login history for a specific username.
I have tried these ways but didn't work:
1. eventid 4624
It only shows logins to the DC itself, Not in the entire domain. E.g. a user has logged in to the DC. So Eventviewer logs this as an event with eventid 4624. But if a user logs in to another server (not DC) , nothing will be logged in DC's Eventviewr.
2. eventid 4769
It's about tickets that DC creates and assigns. But is wasn't helpful.
So how can I get the login history of a user in entire domain?
I reproduce your scenario and getting the expected result.
Event ID 4624 - An account was successfully logged on.
This event records every successful attempt to log on to the local computer. It includes critical information about the logon type (e.g. interactive, RemoteInteractive , batch, network, or service), SID, username, network information, and more. Monitoring this particular event is crucial as the information regarding logon type is not found in DCs. you can get a user login history report without having to manually crawl through the event logs.
Open the PowerShell ISE → Run the following script, adjusting the timeframe:
# Find DC list from Active Directory
$DCs = Get-ADDomainController -Filter *
# Define time for report (default is 1 day)
$startDate = (get-date).AddDays(-1)
# Store successful logon events from security logs with the specified dates and workstation/IP in an array
foreach ($DC in $DCs){
$slogonevents = Get-Eventlog -LogName Security -ComputerName $DC.Hostname -after $startDate | where {$_.eventID -eq 4624 }}
# Crawl through events; print all logon history with type, date/time, status, account name, computer and IP address if user logged on remotely
foreach ($e in $slogonevents){
# Logon Successful Events
# Local (Logon Type 2)
if (($e.EventID -eq 4624 ) -and ($e.ReplacementStrings[8] -eq 2)){
write-host "Type: Local Logon`tDate: "$e.TimeGenerated "`tStatus: Success`tUser: "$e.ReplacementStrings[5] "`tWorkstation: "$e.ReplacementStrings[11]
}
# Remote (Logon Type 10)
if (($e.EventID -eq 4624 ) -and ($e.ReplacementStrings[8] -eq 10)){
write-host "Type: Remote Logon`tDate: "$e.TimeGenerated "`tStatus: Success`tUser: "$e.ReplacementStrings[5] "`tWorkstation: "$e.ReplacementStrings[11] "`tIP Address: "$e.ReplacementStrings[18]
Reference : Active Directory: How to Get User Login History using PowerShell - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com)
You can also try with one easiest alternative way using A tool like ADAudit Plus that audits specific logon events as well as current and past logon activity to provide a list of all logon-related changes for particular user.
Step 1 : Download ADAdudit Plus in your VM and install it.
Step 2: Add your Server name ,Username and password.
Step 3 : Follow the below picture to get the logon details of particular user.
Reference : https://www.manageengine.com/products/active-directory-audit/kb/ad-user-login-history-report.html
Related
I put a user into an AD group, and after that, i used the below syntax to find if he has been put:
xp_logininfo 'domain\group_name', 'members'
and find the user domain\username is listed.
And then, I checked the user's permission path, using the following statements:
xp_logininfo 'domain\user_name', 'all'
execute as user = 'domain\user_name'
None of them worked, and all showing the error message as:
Msg 15404, Level 16, State 19, Line 12
Could not obtain information about Windows NT group/user 'domain\user_name', error code 0x5.
So what happens when query this user?
The error code 0x5 indicates access denied. Here are some troubleshooting methods.
• Check the user indeed exists in the AD group.
• Check if the service account is not disabled.
• Check if the user has dataread permissions.
I have a data driven subscription with 71 parameters. Every-time I run my subscription I get 5 errors and 71 of 71 processed with 5 errors. But when I count my report only 66 reports have been created. I tried to check the log but couldn't find any errors other than at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
at Microsoft.ReportingServices.Diagnostics.ExtensionClassFactory.CreateExtensionObject(Extension extConfig, Boolean typeOnly).
library!ReportServer_0-43!3b10!11/10/2015-11:46:20:: i INFO: Call to GetSystemPropertiesAction().
library!ReportServer_0-43!411c!11/10/2015-11:46:20:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Logon attempt for user 'user' failed., Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Log on failed. Ensure the user name and password are correct. ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
at Microsoft.ReportingServices.Diagnostics.Utilities.LoginUtil.Login(String userName, IntPtr ptrPwd, String domain)
at Microsoft.ReportingServices.Diagnostics.Utilities.LoginUtil.Login(String userName, SecureStringWrapper userPwd, String domain)
at Microsoft.ReportingServices.Diagnostics.ImpersonationContext..ctor(String userName, SecureStringWrapper password, String domain)
--- End of inner exception stack trace ---;
Am I missing something,not reading the log properly? any help is appreciated. Thanks in advance!
To identify which logs are failing, you can view the report server's execution logs:
Use ReportServer
select * from ExecutionLog order by TimeStart DESC
The 'ReportID' field can be looked up in the reportserver's 'catalog' table. I find that having an SSRS report set up that queries this is invaluable.
Once you identify the reports that are failing (via the above queries) then you can try running them manually, to see if they work. If they do work, then set up a subscription for just those reports, and see if they work when run as a subscription.
If you've never had a problem with these before, my bet is that the datasources use pass-through authentication, which works when logged in, but not when run automatically.
Let us know how you get on!
I'm new cloudbees user, I've succeeded in building my war file but I can't deploy it because when a I'm going to use Deploy Now option, putting my application ID claxon/claxon I always get the same error:
**"hudson.util.IOException2: Server.InternalError - Expected Application ID format: account/appname > claxon/"**
this is the log..
hudson.util.IOException2: Server.InternalError - Expected Application ID format: account/appname > claxon/
at com.cloudbees.plugins.deployer.deployables.Deployable.deployFile(Deployable.java:152)
at com.cloudbees.plugins.deployer.DeployNowRunAction$Deployer.perform(DeployNowRunAction.java:639)
at com.cloudbees.plugins.deployer.DeployNowRunAction.run(DeployNowRunAction.java:484)
at com.cloudbees.plugins.deployer.DeployNowTask$ExecutableImpl.run(DeployNowTask.java:157)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:236)
Caused by: com.cloudbees.api.BeesClientException: Server.InternalError - Expected Application ID format: account/appname > claxon/
at com.cloudbees.api.BeesClient.readResponse(BeesClient.java:850)
at com.cloudbees.api.BeesClient.applicationDeployArchive(BeesClient.java:435)
at com.cloudbees.plugins.deployer.deployables.Deployable.deployFile(Deployable.java:124)
... 5 more
Duration: 4.1 sec
Finished: FAILURE
Anybody can help me?.
Don't put the claxon/ the account is sorted for you when you choose the account from the account drop down. just put the id part.
If you expand the help text you will see that it says not to prefix:
Note: I used my superuser rights to capture this screenshot... the only bit that might be confidential is your account name, which you had already exposed via the original question.
I get the error shown below on sign in (via Devise)
Oddly, Rails/Devise seems to be returning a user id of '1' even though there is no user in my users table with an id of '1'. This seems to happen kind of randomly, I can't figure out what the problem is.
Here's the latest error message.
ODBC::Error: S1000 (9001) [Microsoft][SQL Server Native Client 11.0][SQL Server]The log for database '[redacted]' is not available. Check the event log for related error messages. Resolve any errors and restart the database.: EXEC sp_executesql N'UPDATE [users] SET [last_sign_in_at] = ''2012-11-12T16:58:34.020'', [current_sign_in_at] = ''2012-11-13T08:44:33.586'', [sign_in_count] = 69, [updated_at] = ''2012-11-13T08:44:33.630'' WHERE [users].[id] = 1; SELECT ##ROWCOUNT AS AffectedRows'
Here's the request params:
{"utf8"=>"✓",
"authenticity_token"=>"[redacted]=",
"user"=>{"email"=>"jkramxx#xx.com",
"password"=>"[FILTERED]",
"remember_me"=>"0"},
"commit"=>"Sign in"}
There actually is no user in the db with an id of "1", and theres nothing wrong with the server. The user jkramxx#xx.com has id of 60. ( user id 1 was deleted from the db a while ago). I thought it might be something in the session cookie so i deleted that as well).
I've seen similar odd behavior in the console, where I have been able to log in, but when I examine current_user in the debugger it shows the user having an id of '1' even though when I examine the db directly (using SQL Server Mgmt Studio) the user has id of 34 and there is no user with id of 1. Sometimes this beahvior goes away when I restart the debugger. All very random.
Any suggestions?
(Ruby 1.9.3./Rails 3.2.8 SQL Server 10 using ruby-obdc gem)
I am trying to create a Dcoument Approval WorkFlow, with Custom Task Edit infopath forms
Flow is ,When A Document is added into the List , it is assingned to User A , who is Orignator's Manager.
When User A Approves the document , it Assigned to User B for Approval.User B is fixed.
When User B has approved the document , then User B himself will assign the document to User C(Which means User C is dynamic and will be there at runtime).
When User C Approves it , A Task should be created for User , and work Flow should continue till User C Completes his Task.
Is Any of the Users , rejects the Task, The Workflow Should Stop.
How I implmented it ;
I created one Sequence Activity , as follows :
-create Task
-whileTaskNotComplete (onTaskChanged)
Complete Task
then Placed this Activity under Replicator Activity.
I am not sure how to set Replicator initialized and Child initialzed values .
I know replicator needs to be run for 3 times, but the last iterations value is not fixed, it is provided at runtime under second iteration.and under onTaskChange event of Activity.
How can I pass this value to workflow or next iteration?
second thing when i am setting any value for Apporver under replicator initialized method , it is assigning all the Tasks to same Approver which is set under initialized method.
could you please help me , I referred the videos http://www.shillier.com/Videos/MultipleTasks.wmv, but it is for Parallel mode , I need in sequential mode.
Thanks in advance.
Azra
I would start splitting it up in a state machine:
1 Start
2 Create and Assign Task
3 Wait for approval
4 End
in the "Wait for approval" you check for your conditions and then set a global variable for the next approver in line (make sure it's persisted) and set the state to "Create and Assign Task". Until you are done with your list.
1->2->3->(->2)->4