Find Disconnected User on Servers using PowerShell Script SCOM Monitor

There are some slowness on Azure and On-premises servers. And as a part of CloudOps and DevOps team I again need to look into it, so given a promise to my server and application owner that I will work on it.

 

  • And found some curios and interesting facts in this case. Teams are accessing server from America, Canada, Hong Kong and India regions and this tends to obvious slowness of Clock Tick and Millisecond. I have suggested all of them that we are indeed connected over VPN however there are some Network bandwidth, Region and other limitations as well.

 

  • There are some process and other work going on at certain point of time (Like SQL Jobs, Transactions and Backup) this is also a reason for this crap….

 

  • But One thing which i found very interesting is Disconnected User Account on server from long duration and this hampers servers performance. And we should re-mediate this issue as soon as possible, but how?

 

Digging down in this issue and considering all the weapons in my arsenal, I got two words PowerShell and SCOM ………….lol

 

PowerShell has quser and SCOM super able to create an alert using PowerShell , So let’s get started……

 

I know using quser we can get the use session detail but this quser.exe” is not a Cmdlet and we cannot use it so easily as Cmdlets. It is a super old “Dos Command”.

So when we work with “Dos Commands” the output is just text and not object like it is with PowerShell Cmdlets.

 

We can convert the pure text into ‘well formed data’ which we can further process Using this : –

#needed
$rawUserData       = & quser
$wellFormedData = ($rawUserData).Trim() -replace ‘\s{2,}’,’,’ | ConvertFrom-Csv

 

#examples:
$wellFormedData | Where-Object {$_.State -eq ‘Active’ }
$wellFormedData | Where-Object {$_.ID -ge ‘4’}

$wellFormedData.count

 

 

 

Now we all have concern where is SCOM used Gourav……. Just hold on journey just begin now 😀

We can write a script using above lines and use this in PowerShell Community MP to create an alert when user is disconnected from a server for a particular given time.

This can be achieved using below 3 steps : –

Thats It 🙂

 

Using this we can simply trigger an alert when an user has disconnected their-selves from server in place of logoff.

Note : –

You can edit {$_.’IDLE TIME’ -ge ‘86400:00’}  as per your needs but make sure this time should be in seconds. I have taken 86400 seconds equivalent to 24 hours.

Before Implementing this solution consult with your teams, and list out all the service account or account that are running script on server. Since these should not be logoff if you will do this then get ready for escalations and other gifts …… lol 😛

 

A big thanks to Ruben Zimmermann for his help in creation of alert using this script. 🙂

 

Thanks for reading!

Gourav Kumar