How can I add additional user account information option to the Active Directory Users and Computers context menu?
As seen in the Add Unlock User Option to Active Directory Users and Computers article, many of the daily tasks of a network administrator is to monitor user accounts, logo activities, password changes and account options, such as disabling and enabling user accounts, and also looking for logon information for the user account.
One method of viewing additional information about user accounts is by using the Acctinfo.dll add-in for Active Directory Users and Computers (as explained in the View Additional User Information in AD Users and Computers article).
Another method is by adding some right-click (context menu) options to the user account objects. By right-clicking a user object you will be able to view some more information about any user account you want, information that includes the last logon time, the user’s logon script, the last time the user has changed his or her password and so on.
First we need to write a small VBS script (I thank Antid0t for the insight). It will be used as a context menu option on any user account object.
I guess the script could be done in a better way, and if any of you have a good suggestion please send it over .
On Error Resume Next Set wshArguments = WScript.Arguments Set objUser = GetObject(wshArguments(0)) str1 = "Last Login: " & objUser.LastLogin str2 = "Last Logoff: " & objUser.LastLogoff str3 = "Last Failed Login: " & objUser.LastFailedLogin str4 = "Logon Count: " & objUser.logonCount str5 = "Bad Login Count: " & objUser.BadLoginCount str6 = "Password Last Changed: " & objUser.PasswordLastChanged str7 = "User Account Control: " & objUser.userAccountControl str8 = "Login Script: " & objUser.scriptPath str9 = "Account Created: " & objUser.whenCreated str10 = "Account Last Modified: " & objUser.whenChanged MsgBox str1 & vbCrLf & str2 & vbCrLf & str3 & vbCrLf & str4 & vbCrLf & str5 & vbCrLf & str6 & vbCrLf & str7 & vbCrLf & str8 & vbCrLf & str9 & vbCrLf & str10,,objUser.Name
Save the script as USER_LOGON_INFO.VBS.
Place the script in a share on one of your DCs, preferably in the NETLOGON share, thus replicating it to all of your DCs. Note that this change is a forest wide change, so each and every DC in the forest should have access to this script.
You now need to add the context menu options to user account objects in AD. To do so you need the following:
User account context menu:
Lamer note: Change the path to fit your own domain name…
4, &Show Logon Info,\\zeus\netlogon\user_logon_info.vbs
Lamer note: Change the UNC path to fit your own path…
Another not so lamer note: If you already have a “4” option (because you’ve read the following article – Add Unlock User Option to Active Directory Users and Computers) then you can use “5” instead.
In order to test the context menu addition you’ll need to close DSA.MSC if it was open, and re open it.
Right-click the user account you want to query and select the new context menu – Show Logon Info.
Notice how a prompt is displayed showing the additional information for that user account.