Add User Account Information to Active Directory Users and Computers
How can I add additional user account information option to the Active Directory Users and Computers context menu?
As seen in the Add Unlock User Option to Active Directory Users and Computers article, many of the daily tasks of a network administrator is to monitor user accounts, logo activities, password changes and account options, such as disabling and enabling user accounts, and also looking for logon information for the user account.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
One method of viewing additional information about user accounts is by using the Acctinfo.dll add-in for Active Directory Users and Computers (as explained in the View Additional User Information in AD Users and Computers article).
Another method is by adding some right-click (context menu) options to the user account objects. By right-clicking a user object you will be able to view some more information about any user account you want, information that includes the last logon time, the user’s logon script, the last time the user has changed his or her password and so on.
Writing the script
First we need to write a small VBS script (I thank Antid0t for the insight). It will be used as a context menu option on any user account object.
On Error Resume Next Set wshArguments = WScript.Arguments Set objUser = GetObject(wshArguments(0)) str1 = "Last Login: " & objUser.LastLogin str2 = "Last Logoff: " & objUser.LastLogoff str3 = "Last Failed Login: " & objUser.LastFailedLogin str4 = "Logon Count: " & objUser.logonCount str5 = "Bad Login Count: " & objUser.BadLoginCount str6 = "Password Last Changed: " & objUser.PasswordLastChanged str7 = "User Account Control: " & objUser.userAccountControl str8 = "Login Script: " & objUser.scriptPath str9 = "Account Created: " & objUser.whenCreated str10 = "Account Last Modified: " & objUser.whenChanged MsgBox str1 & vbCrLf & str2 & vbCrLf & str3 & vbCrLf & str4 & vbCrLf & str5 & vbCrLf & str6 & vbCrLf & str7 & vbCrLf & str8 & vbCrLf & str9 & vbCrLf & str10,,objUser.Name
Save the script as USER_LOGON_INFO.VBS.
Place the script in a share on one of your DCs, preferably in the NETLOGON share, thus replicating it to all of your DCs. Note that this change is a forest wide change, so each and every DC in the forest should have access to this script.
Adding the option to the context menu
You now need to add the context menu options to user account objects in AD. To do so you need the following:
- ADSIEdit.MSC – found in the Windows 2000/2003 Support Tools (located on the installation CD)
- Enterprise Admin permissions
User account context menu:
- After installing the Support Tools, open ADSIEdit.MSC and navigate to the following path:
Lamer note: Change the path to fit your own domain name…
- Right-click on the user-Display object and select Properties.
- The first attribute in the list of attributes for the object should be adminContextMenu. Double-click it or click on the Edit button.
- In the Sting Editor window of the adminContextMenu attribute, add the following line:
4, &Show Logon Info,\\zeus\netlogon\user_logon_info.vbs
Lamer note: Change the UNC path to fit your own path…
Another not so lamer note: If you already have a “4” option (because you’ve read the following article – Add Unlock User Option to Active Directory Users and Computers) then you can use “5” instead.
- When done, click Add to add the line, then click Ok.
- Close ADSIEdit.MSC.
In order to test the context menu addition you’ll need to close DSA.MSC if it was open, and re open it.
Right-click the user account you want to query and select the new context menu – Show Logon Info.
Notice how a prompt is displayed showing the additional information for that user account.