Last active
August 25, 2016 22:42
-
-
Save jrwarwick/6216347 to your computer and use it in GitHub Desktop.
Reconnaissance utility script which queries MSAD for computer objects with given name pattern, then discover if they are currently pingable, and if so, attempt to find out who is logged in.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $accumulatedList ='' | |
| foreach ($ws in dsquery computer -limit 1000 -name "*COMMON-NAME-FRAGMENT*" | dsget computer -samid | %{$_ -replace "\$",""}) { | |
| $candidatehost = $ws.trim() | |
| ping -n 2 $candidatehost | |
| if ($LASTEXITCODE -eq 0) { | |
| echo "##==-- TARGET UNIT ACTIVE! --------- $candidatehost --==##`a" | |
| ## this line only works on TServers ## query session /server:$candidatehost | |
| try { | |
| $userProc = gwmi win32_process -computer $candidatehost -filter "Name = 'explorer.exe'" -ErrorAction "Stop" | |
| } | |
| catch { | |
| echo "error.minor: unable to query executing processes for evidence of user login session." | |
| $userProc = '' | |
| $userLoggedin = '' | |
| $userDetail = '' | |
| } | |
| if ($userProc) { | |
| $userLoggedin = $userProc.GetOwner().User | |
| if ($LASTEXITCODE -eq 0) { | |
| echo "`t$userLoggedin currently logged in." | |
| $userDetail = (dsquery user -samid $userLoggedin | dsget user -display -tel -mobile)[1] | |
| } else { | |
| $userLoggedin = ' no user login detected.' | |
| $userDetail = '' | |
| } | |
| } | |
| $accumulatedList = $accumulatedList + "$candidatehost `t`t$userLoggedin`t$userDetail`n" | |
| } | |
| } | |
| Write-Host "Units up, in summary:`n $accumulatedList" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment