To find out which computer a specific user is logged into using PowerShell, you can use different methods depending on your environment (e.g., domain or local network). Below are a few common methods for getting logged-on user information, along with the computer name, using PowerShell in a Windows domain environment with Active Directory.

  • PowerShell
  • ADAudit Plus

1. PowerShell script using quser to get the machine name for where a user is logged in

This method helps you find where a specific user is currently logged on across all enabled computers in Active Directory. The following PowerShell script remotely runs the quser command on each computer to check for active sessions matching the username, then reports the results.

    #Please replace <UserName> with the username you want in the results
    $Username = "<UserName>"

    # Get all enabled Windows computers from AD (requires the ActiveDirectory module)
    $Computers = Get-ADComputer -Filter 'Enabled -eq $true' -Property Name | Select-Object -ExpandProperty Name

    # Match the username as a whole token at the start of a quser line
    # (a leading '>' marks the current session), so "bob" does not match "bobby"
    $Pattern = '^[\s>]*' + [regex]::Escape($Username) + '\s'

    # Track if the user was found
    $UserFound = $false

    foreach ($Computer in $Computers) {
        # Run quser on the remote machine and capture the output.
        # A failing native command sets $LASTEXITCODE; it does not throw,
        # so the failure case is handled in the else branch below.
        $Sessions = quser /server:$Computer 2>&1

        if ($LASTEXITCODE -eq 0 -and $Sessions) {
            if ($Sessions -match $Pattern) {
                Write-Host "User '$Username' is logged into $Computer" -ForegroundColor Green
                $UserFound = $true
            }
        }
        else {
            Write-Host "Unable to query $Computer (or no sessions on it)" -ForegroundColor Yellow
        }
    }

    # Final message if user was never found
    if (-not $UserFound) {
        Write-Host "User '$Username' is not logged into any computer in the domain" -ForegroundColor Red
    }
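
Matching a username against raw quser text is fragile: a short name can match a longer one, and disconnected sessions leave the SESSIONNAME column empty, which shifts whitespace-split columns. The following added example (not part of the original page) parses quser output into objects so the comparison is exact. The function name, computer name and sample output are constructed for illustration, and it assumes usernames contain no spaces.

```powershell
# Added example: parse quser output into objects and match usernames exactly.
# Function names, the computer name and the sample text are constructed.
function ConvertFrom-QuserOutput {
    param(
        [string[]] $Line,
        [Parameter(Mandatory)] [string] $ComputerName
    )
    # A leading '>' marks the caller's own session. SESSIONNAME is optional
    # because disconnected sessions leave that column blank.
    $pattern = '^[\s>](?<User>\S+)\s+(?:(?<Session>\S+)\s+)?(?<Id>\d+)\s+' +
               '(?<State>\S+)\s+(?<Idle>\S+)\s+(?<Logon>.+)$'
    foreach ($text in $Line) {
        # The header row and error text fail the pattern and are skipped
        if ($text -match $pattern) {
            [PSCustomObject]@{
                Computer    = $ComputerName
                UserName    = $Matches['User']
                SessionName = $Matches['Session']   # $null when disconnected
                Id          = [int]$Matches['Id']
                State       = $Matches['State']
                IdleTime    = $Matches['Idle']
                LogonTime   = $Matches['Logon'].Trim()
            }
        }
    }
}

# Constructed sample in the layout quser prints on an English-language system
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME'
    '>jsmith                console             1  Active      none   3/4/2025 8:15 AM'
    ' jsmithers             rdp-tcp#3           2  Active         5   3/4/2025 9:02 AM'
    ' adavis                                    4  Disc      1+02:13  3/3/2025 4:40 PM'
)

$sessions = ConvertFrom-QuserOutput -Line $sample -ComputerName 'WKS-EXAMPLE01'

# -eq compares the whole string (case-insensitively): jsmithers is not returned
$sessions | Where-Object { $_.UserName -eq 'jsmith' } | Format-Table -AutoSize

# Disconnected sessions are still parsed even though SESSIONNAME is empty
$sessions | Where-Object { $_.State -eq 'Disc' } | Format-Table -AutoSize

# Against a live host, feed the function real output instead of $sample:
#   ConvertFrom-QuserOutput -Line (quser /server:$Computer 2>$null) -ComputerName $Computer
```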
                                        

2. PowerShell script using CIM to get every logged on user

This method helps you find the logged on users on multiple computers by remotely querying them using CIM. The following PowerShell script queries all enabled computers in Active Directory and attempts to retrieve the currently logged on user from each one.

    # Get all enabled computers from AD (requires the ActiveDirectory module)
    $Computers = Get-ADComputer -Filter { Enabled -eq $true } | Select-Object -ExpandProperty Name

    # Initialize an array for results
    $output = @()

    foreach ($Computer in $Computers) {
        try {
            # Try to get the currently logged-on user from the remote system.
            # Win32_ComputerSystem.UserName reports the user of the console session;
            # users connected only through Remote Desktop are not reflected here.
            $User = (Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $Computer -ErrorAction Stop).UserName

            if ($User) {
                $Status = $User
            }
            else {
                $Status = "No interactive user currently logged in"
            }

            $Obj = [PSCustomObject]@{
                Computer = $Computer
                Status   = $Status
            }
        }
        catch {
            # If the query fails (offline, access denied, etc.)
            $Obj = [PSCustomObject]@{
                Computer = $Computer
                Status   = "Error: $($_.Exception.Message)"
            }
        }

        # Add the object to the results
        $output += $Obj
    }

    # Display results in a clean table
    $output | Format-Table -AutoSize
                                        

3. PowerShell script using WMI to find a logged in user on a remote computer

This method helps you retrieve the currently logged on user from a single specified remote computer by querying its WMI Win32_ComputerSystem class. The following PowerShell script outputs the username or an appropriate status message, depending on the query result.

    #Please replace <ComputerName> with the computer name you want in the results
    $ComputerName = "<ComputerName>"

    try {
        # Query the Win32_ComputerSystem class via WMI.
        # Get-WmiObject is available in Windows PowerShell 5.1 but not in PowerShell 6 and later.
        $UserName = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName -ErrorAction Stop).UserName

        if ($UserName) {
            Write-Host "Computer: $ComputerName | Logged-on User: $UserName"
        } else {
            Write-Host "Computer: $ComputerName | No interactive user currently logged in" -ForegroundColor Yellow
        }
    }
    catch {
        Write-Host "Computer: $ComputerName | Unable to query WMI. Error: $($_.Exception.Message)" -ForegroundColor Red
    }
                                        

How to find out which computer a user is logged into using ManageEngine ADAudit Plus

ADAudit Plus automatically scans all DCs in the domain to retrieve information about the computers that users are logged on to, then generates the report and presents it in a simple and intuitively designed UI.

To obtain the report:

  1. Log in to the ADAudit Plus web console.
  2. Go to Active Directory > Local Logon-Logoff > Logon Activity.
  3. Use the Select Objects filter to filter logon activity by computer, and the Advanced Search to filter logon activity by user.
    Logon activity
  4. If you wish to find users logged into multiple machines, go to Active Directory > User Logon Reports > Users logged into multiple computers.
  5. Select the required Domain.
    User logged into multiple computers
  6. Select Export as to export the reports in any of the preferred formats (CSV, PDF, HTML, and XLS).

Limitations of using PowerShell scripts

The following are limitations of using native tools like Windows PowerShell to report on the computers that users are logged on to:

  • The scripts do not natively support advanced filtering (e.g., by OU or partial usernames) without modifying LDAP queries.
  • They do not handle time zone or date/time formatting, which must be manually added (if needed).
  • Exporting results to different formats (CSV, JSON) requires additional scripting.
  • They rely on remote access permissions and network availability, which can limit success on some machines.
  • Running the scripts sequentially against many computers may cause performance delays.
  • Some modifications are required to adapt scripts to specific reporting or formatting needs.

A one-stop solution for all your IT auditing, compliance, and security needs

ADAudit Plus provides capabilities like change auditing, logon monitoring, file tracking, compliance reporting, attack surface analysis, response automation, and backup and recovery for diverse IT systems.

  • Active Directory  
  • Microsoft Entra ID  
  • Windows file server  
  • NAS file servers  
  • Windows Server  
  • Workstation  
  • And more  

Frequently asked questions

You will need administrative privileges on the remote computers or appropriate rights in Active Directory to query session information. Without these permissions, PowerShell commands may return “Access Denied” errors.

By looping through all computers in your Active Directory with the Get-ADComputer command, you can use PowerShell to search every machine for a specific username. Please refer to the second method under the PowerShell tab.

Yes, but with limitations. You can query local or remote computers directly using WMI or CIM commands, but you will need to specify computer names manually since AD lookup will not be available.

WMI (Get-WmiObject) is older and may be deprecated in newer PowerShell versions. CIM (Get-CimInstance) uses newer protocols (WS-Man) and is generally faster and more secure for remote queries.

Administrators often need to identify a user’s logged-in computer to troubleshoot issues such as login failures, errors, or network access problems. It’s also useful for monitoring user activity, managing remote support sessions, or ensuring compliance with security policies. Knowing which device a user is logged into helps IT teams respond quickly and efficiently to technical or security incidents.
