Check to See Who is Logged In

Keywords: who is logged in, nlist

Question:

Is there a way to check a list of user ids and see which ones are currently logged in? Thanks.

Answer:

It gets kind of ugly. If a user logs out cleanly things are kind of OK, but users who fail to log out from NDS will introduce problems. Also, if your NDS tree is partitioned and some of the containers are in partitions which have multiple replicas on different servers then things get more complicated.

Basically, what you need to do is to examine the user's object in NDS. If it has the attribute "Network Address" then the user object was logged in at one time and has either not logged out of NDS or has logged out but the change has not yet propagated to other partition replicas. If the user object does not have the "Network Address" attribute then the user is either logged out or has never logged in to NDS. This is the method that NLIST.EXE uses to find logged-in users.

You could also use the "Login Time" and/or "Last Login Time" attribute values as a sanity check by verifying that any user object that has a "Network Address" attribute with one or more values also has a login time that is newer than a certain date & time. I'd say that anybody logged in for more than a month is probably suspect as not having a valid value for their network address attribute.

The "Network Address" attribute has some sort of age limit of something like 60 days on it. If users are not properly logging out of NDS by way of simply turning off their computers, power outages, network failures, etc., bogus values can build up in this attribute. The DSREPAIR utility will remove values in this attribute that are more than 60 days old, and if the last value is removed from the attribute then the whole attribute is removed from the user object.

Please note that the attribute "Network Address" has the synchronize immediately flag placed on it in NDS, which is supposed to mean that changes to this attribute's value(s) should be replicated immediately. In a healthy NDS tree this happens pretty quickly. However, not all NDS trees are healthy and if there are problems with replication then bogus values may possibly exist for this attribute.

The process that I describe above is what NLIST does. WinBatch can use the same procedure to determine who's logged in. What is required is that you need to check to see if the "Network Address" attribute is present on a user object, and if it is, then you can normally assume that the user is logged in. If the attribute is missing then the user is not logged in. Doing a sanity check involving the "Login Time" attribute to verify that no account has been logged in longer than X amount of time will help to trap false positive test results that can happen due to users not properly logging out of NDS [e.g. workstation crash, network outage, workstation powered off, etc.].


Article ID:   W14895
File Created: 2001:11:08:12:40:52
Last Updated: 2001:11:08:12:40:52
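
The decision logic described in the answer above, as an added Python example that is not part of the original article and is not WinBatch or NLIST code. It assumes the "Network Address" and "Login Time" values have already been read from each user object into a dictionary; that dictionary shape, the function names, the 30-day default and the sample records are all constructed for illustration.

```python
from datetime import datetime, timedelta

# NDS attribute names as given in the article.
NET_ADDR = "Network Address"
LOGIN_TIME = "Login Time"

def classify(attrs, now, max_session=timedelta(days=30)):
    """Return 'logged_in', 'logged_out' or 'suspect' for one user object.

    attrs maps attribute name -> list of values (hypothetical shape; reading
    the values from NDS is outside this example).
    """
    if not attrs.get(NET_ADDR):
        # Attribute absent: logged out, or never logged in.
        return "logged_out"
    login_times = attrs.get(LOGIN_TIME) or []
    if not login_times:
        # An address with no login time cannot be sanity-checked.
        return "suspect"
    if now - max(login_times) > max_session:
        # Likely a stale address left by a crash, power-off or outage.
        return "suspect"
    return "logged_in"

def who_is_logged_in(directory, user_ids, now, max_session=timedelta(days=30)):
    """Classify each requested id; ids with no user object are 'unknown'."""
    return {
        uid: "unknown" if uid not in directory
        else classify(directory[uid], now, max_session)
        for uid in user_ids
    }

# Constructed sample data; address strings are placeholders, not real formats.
NOW = datetime(2001, 11, 8, 12, 0)
SAMPLE = {
    "jsmith": {NET_ADDR: ["addr-placeholder-1"],
               LOGIN_TIME: [datetime(2001, 11, 8, 8, 15)]},
    "mjones": {LOGIN_TIME: [datetime(2001, 11, 7, 9, 0)]},   # clean logout
    "bwhite": {NET_ADDR: ["addr-placeholder-2", "addr-placeholder-3"],
               LOGIN_TIME: [datetime(2001, 8, 1, 9, 0)]},    # never logged out
    "newhire": {},                                           # never logged in
}

if __name__ == "__main__":
    ids = ["jsmith", "mjones", "bwhite", "newhire", "ghost"]
    for uid, state in who_is_logged_in(SAMPLE, ids, NOW).items():
        print(f"{uid:8} {state}")
```

Accounts reported as `suspect` are the false positives the "Login Time" sanity check is meant to trap; they need a manual look rather than being counted as active sessions.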