Export (0) Print
Expand All
Expand Minimize

Get-RemoteAccessUserActivity

Windows Server 2012 R2 and Windows 8.1

Updated: October 17, 2013

Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2

Get-RemoteAccessUserActivity

Displays the resources accessed over the active DirectAccess (DA) and VPN connections and the resources accessed over historical DA and VPN connections.

Syntax

Parameter Set: UserName
Get-RemoteAccessUserActivity [-UserName] <String> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-EndDateTime <DateTime> ] [-StartDateTime <DateTime> ] [-ThrottleLimit <Int32> ] [ <CommonParameters>]

Parameter Set: HostIP
Get-RemoteAccessUserActivity -HostIPAddress <String> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-EndDateTime <DateTime> ] [-StartDateTime <DateTime> ] [-ThrottleLimit <Int32> ] [ <CommonParameters>]

Parameter Set: SessionId
Get-RemoteAccessUserActivity -SessionId <UInt64> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-ThrottleLimit <Int32> ] [ <CommonParameters>]




Detailed Description

The Get-RemoteAccessUserActivity cmdlet displays the resources accessed over the active DirectAccess (DA) and VPN connections and the resources accessed over historical DA and VPN connections.

The resources accessed over active and historical connections starting or ending on a Remote Access server are stored in the inbox accounting store on that server. This cmdlet retrieves the resources accessed for a specific server. The cmdlet is not impacted by multi-site deployment.
-- If a start date nor an end date is specified, then the resources accessed over active connections are retrieved
-- In order to retrieve the list of resources accessed over historical connections, a time duration needs to be specified such as a start date, an end date, or both. If only one of them is specified, then the time stamp on the first or last record in the accounting database is used to fill the missing information and create a duration.

The statistics of active connections can be explicitly filtered by the user name of the user who originated the Remote Access connection and the tunnel IP address of the client computer such as the IP address assigned by the server, from which the connection originated. However, only one of these filters can be used at a time.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the Receive-Job cmdlet. For more information about Windows PowerShell® background jobs, see about_Jobs.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.


Aliases

Session

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ComputerName<String>

Specifies the IPv4 or IPv6 address, or host name, of the computer on which the remote access server computer specific tasks should be run.


Aliases

Cn

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-EndDateTime<DateTime>

Specifies the time duration for which the user activity needs to be retrieved and indicates the end date.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByValue)

Accept Wildcard Characters?

false

-HostIPAddress<String>

Specifies the tunnel IP address of the connection. This can be an IPv4 or IPv6 address.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SessionId<UInt64>

Specifies an ID for a session for which to retrieve user activity data.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-StartDateTime<DateTime>

Specifies the time duration for which the user activity needs to be retrieved and indicates the start date.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByValue)

Accept Wildcard Characters?

false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-UserName<String>

Specifies the user whose activity needs to be retrieved. This parameter uses the DOMAIN\USERNAME format.


Aliases

none

Required?

true

Position?

2

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Management.Infrastructure.CimInstance#RemoteAccessUserActivity[]

    The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
    For both real-time and accounting cases, the RemoteAccessUserActivity object consists of the following properties. A separate instance of the RemoteAccessUserActivity object is output for every corporate network resource that is accessed over the connection.
    -- The IP address of the server in the corporate network.
    -- The identity of the protocol used to access the server.
    -- The port number used to access the server.


Examples

EXAMPLE 1

This example shows historic access details for a particular user. Query the accounting store for user activity details for User1 between the start date and end date.


 

PS C:\> $startdate = Get-Date –Date "12/16/2011"

 

PS C:\> $startdate
16 December 2011 00:00:00

 

PS C:\> $enddate = Get-Date –Date "12/23/2011"

 

PS C:\> $enddate

 

PS C:\> Get-RemoteAccessUserActivity -StartDateTime $startdate -EndDateTime $enddate -UserName "corp.contoso.com\User1"
ServerIpAddress                          ProtocolID                     ServerPort 
---------------                          ----------                     ---------- 
2001:4898:0:fff:0:5efe:10.57.36.131      6                              443 
2001:4898:0:fff:0:5efe:10.57.36.131      50                             0 

EXAMPLE 2

This example shows the resources currently being accessed by the user named User1. If the user is not active currently, then the cmdlet will not return any rows.


PS C:\> Get-RemoteAccessUserActivity -UserName "contoso\User1" -ComputerName edge1.corp.contoso.com
ServerIpAddress                          ProtocolID                     ServerPort 
---------------                          ----------                     ---------- 
2001:4898:0:fff:0:5efe:10.166.20.136     6                              80 
2001:4898:0:fff:0:5efe:172.27.97.57      6                              443 
2a01:110:10:1005:3e4a:92ff:fee0:1443     17                             500 
2a01:110:10:1005:3e4a:92ff:fee0:1443     17                             389 
2001:4898:a8:6001:3e4a:92ff:fedb:7104    17                             500 
2001:4898:a8:6001:3e4a:92ff:fedb:7104    17                             389 
2001:4898:0:fff:0:5efe:172.27.97.57      17                             500 
fdbd:8187:9fc9:7777::aa6:3609            17                             53 
2001:4898:0:fff:0:5efe:10.166.20.136     17                             500 

Related topics

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft