🙂 So with that, you can easily run this against your enterprise and have the data you need. Much nicer than a sequential run through all systems. $SIDs = $rootkey.GetSubKeyNames() | Where " -f $Computer,$_.Exception.Message)Īs I mentioned before, since I elected to use runspaces again, I was able to run through around 4000+ systems in a couple hours. $rootkey = ::OpenRemoteBaseKey("Users",$computer) With that now decided, I had to figure out the best way to accomplish this goal.īecause this would be used to query some 4000+ systems, I decided to use runspaces again to handle several jobs at a given time to greatly speed up the query.īecause I am querying the registry remotely on the HKEY_Users key, I need something that can translate the SIDs to a friendly username that can be read. In this case, I went with the workstation registry query because I wasn’t confident that the logs would have as many users as the workstations would.
There was, in fact, 2 other ways that I found that I could pull this information even though it had the risk of not being quite as accurate as querying the server directly. With this being an issue, I had to find another way to accomplish task. Unfortunately, this wasn’t the case as every client came back with ‘ExchangeServer’, thus putting the results at risk. The ClientMode property is supposed to show you whether the client is running in ExchangeServer (non-cached), or in CachedMode. Get-Mailbox -ResultSize Unlimited | Get-LogonStatistics | Select Name, ClientName, ClientMode
0 kommentar(er)
