Report logged in users in real-time?

[Rogue]

Is there anyway to report in real-time when a users logs on and off in an Active Directory environment? I'm not talking about checking event logs, I'm talking about something like an SNMP message or something that can be triggered and sent in real-time. Does anyone have an idea or experience doing such a thing?

Here's the reason. We have a high ranking member of the staff that insists that our Exchange servers NEVER under any circumstances be taken down, rebooted, etc. I would like to know when he is actually logged in to the network and/or in his mailbox even. I have a system called IT Monitor that can capture SNMP data and report it any way I wish. Any ideas?

 

[Fardringle]

There may be more graceful methods, but you can set up auditing for his account that sends you an alert notification on any successful login attempt. I'm not sure if you can do the same for when he logs out of the system, but it could be a place to start until someone else pops in with a better solution.

 

[nweaver]

Originally posted by: Rogue
Is there anyway to report in real-time when a users logs on and off in an Active Directory environment? I'm not talking about checking event logs, I'm talking about something like an SNMP message or something that can be triggered and sent in real-time. Does anyone have an idea or experience doing such a thing?

Here's the reason. We have a high ranking member of the staff that insists that our Exchange servers NEVER under any circumstances be taken down, rebooted, etc. I would like to know when he is actually logged in to the network and/or in his mailbox even. I have a system called IT Monitor that can capture SNMP data and report it any way I wish. Any ideas?

Just get it in writing. The chance of missing a critical OS or Exchange patch goes up every week, and eventually it'll go down hard, and you can point at him and say "I told you so"

 

[Rogue]

Originally posted by: nweaver

Originally posted by: Rogue
Is there anyway to report in real-time when a users logs on and off in an Active Directory environment? I'm not talking about checking event logs, I'm talking about something like an SNMP message or something that can be triggered and sent in real-time. Does anyone have an idea or experience doing such a thing?

Here's the reason. We have a high ranking member of the staff that insists that our Exchange servers NEVER under any circumstances be taken down, rebooted, etc. I would like to know when he is actually logged in to the network and/or in his mailbox even. I have a system called IT Monitor that can capture SNMP data and report it any way I wish. Any ideas?

Just get it in writing. The chance of missing a critical OS or Exchange patch goes up every week, and eventually it'll go down hard, and you can point at him and say "I told you so"

I'm dealing with a combat engineer trained, US Army Colonel here. I've likened NOT patching the system to allowing troops on the perimeter to fall asleep and allow the enemy to infiltrate the CP (command post) and he doesn't care. I've fought this battle to the farthest extent possible, short of shooting the man. Besides, I'd like to know how often he's actually on the system, because he would have us believe that he's on it nearly 24/7.

 

[Brazen]

Originally posted by: Rogue

Originally posted by: nweaver

Originally posted by: Rogue
Is there anyway to report in real-time when a users logs on and off in an Active Directory environment? I'm not talking about checking event logs, I'm talking about something like an SNMP message or something that can be triggered and sent in real-time. Does anyone have an idea or experience doing such a thing?

Here's the reason. We have a high ranking member of the staff that insists that our Exchange servers NEVER under any circumstances be taken down, rebooted, etc. I would like to know when he is actually logged in to the network and/or in his mailbox even. I have a system called IT Monitor that can capture SNMP data and report it any way I wish. Any ideas?

Just get it in writing. The chance of missing a critical OS or Exchange patch goes up every week, and eventually it'll go down hard, and you can point at him and say "I told you so"

I'm dealing with a combat engineer trained, US Army Colonel here. I've likened NOT patching the system to allowing troops on the perimeter to fall asleep and allow the enemy to infiltrate the CP (command post) and he doesn't care. I've fought this battle to the farthest extent possible, short of shooting the man. Besides, I'd like to know how often he's actually on the system, because he would have us believe that he's on it nearly 24/7.

Follow him home and wait till he goes to sleep, then reboot the server.

 

[spherrod]

Originally posted by: Rogue

Originally posted by: nweaver

Originally posted by: Rogue
Is there anyway to report in real-time when a users logs on and off in an Active Directory environment? I'm not talking about checking event logs, I'm talking about something like an SNMP message or something that can be triggered and sent in real-time. Does anyone have an idea or experience doing such a thing?

Here's the reason. We have a high ranking member of the staff that insists that our Exchange servers NEVER under any circumstances be taken down, rebooted, etc. I would like to know when he is actually logged in to the network and/or in his mailbox even. I have a system called IT Monitor that can capture SNMP data and report it any way I wish. Any ideas?

That's ridiculous - can you not go to his superiors at all?


Just get it in writing. The chance of missing a critical OS or Exchange patch goes up every week, and eventually it'll go down hard, and you can point at him and say "I told you so"

I'm dealing with a combat engineer trained, US Army Colonel here. I've likened NOT patching the system to allowing troops on the perimeter to fall asleep and allow the enemy to infiltrate the CP (command post) and he doesn't care. I've fought this battle to the farthest extent possible, short of shooting the man. Besides, I'd like to know how often he's actually on the system, because he would have us believe that he's on it nearly 24/7.

 

[Brazen]

Originally posted by: spherrod

Originally posted by: Rogue

Originally posted by: nweaver

Originally posted by: Rogue
Is there anyway to report in real-time when a users logs on and off in an Active Directory environment? I'm not talking about checking event logs, I'm talking about something like an SNMP message or something that can be triggered and sent in real-time. Does anyone have an idea or experience doing such a thing?

Here's the reason. We have a high ranking member of the staff that insists that our Exchange servers NEVER under any circumstances be taken down, rebooted, etc. I would like to know when he is actually logged in to the network and/or in his mailbox even. I have a system called IT Monitor that can capture SNMP data and report it any way I wish. Any ideas?

moved

Just get it in writing. The chance of missing a critical OS or Exchange patch goes up every week, and eventually it'll go down hard, and you can point at him and say "I told you so"

I'm dealing with a combat engineer trained, US Army Colonel here. I've likened NOT patching the system to allowing troops on the perimeter to fall asleep and allow the enemy to infiltrate the CP (command post) and he doesn't care. I've fought this battle to the farthest extent possible, short of shooting the man. Besides, I'd like to know how often he's actually on the system, because he would have us believe that he's on it nearly 24/7.

That's ridiculous - can you not go to his superiors at all?

fixed (did the same thing to me when I replied)

 

[dphantom]

You mentioned Exchange servers. Are they in a clustered environment?

 

[spherrod]

That's ridiculous - can you not go to his superiors at all?
[/quote]
fixed (did the same thing to me when I replied)[/quote]

Cheers :beer:

 

[spydernet]

Ask him whether his car can work non-stop...ie, without petrol...then of course he will say no...if he is normal then tell him every machine need some fuel to .....ask him go to SLEEP !!!

 

[blemoine]

How bout this idea. Schedule a reboot for middle of the night or early morning. Are you in danger of getting fired for going against that A-hole and rebooting. if so maybe a change of scenery is in order. good luck

 

[Rilex]

Exchange records the last log on and log off time in the ESM.

You could also go to technet.microsoft.com and look at some asynch. queries they have in the scripting section that use event sinks.