    Are there any native capabilities, third party solutions, or add-ons to AD
    that would allow certain users (eg HR dept. or receptionist) to determine who
    is presently in the office by checking what users are logged on to AD ? TIA
  2. No. AD authenticates, it doesn't maintain open sessions to every user
    who has logged in. The kerberos tickets given out by default have a 10
    hour life, once you get the tickets you need for the resources you need
    then you don't need the DCs until you need renewal.

    You can use something like limitlogon or something like that but even
    that really isn't fullproof as what happens if someone just shuts a PC
    off or hibernates or gets disconnected from the LAN. What you need is
    some program that does regular "pings" to a centralized database which
    still isn't the best as that can impacted by network issues.

    I would say the cheapest solution is called IM. Make everyone get an IM
    account (yahoo, MSN, whatever) and log on and publish their status. Then
    the secretary or HR folks can look at their IM list.

    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition

    ---O'Reilly Active Directory Third Edition now available---
    Joe Richards [MVP], Nov 14, 2006
    kj, Nov 14, 2006
    Cool, thanks for the info guys.

  5. We developed our own application client that sits in the tray of our
    users when they log in. Then our Network Admins have a "Remote Control
    Wizard" that talks to the client and responds with an Online or Offline
    (as well as many other functions, such as who is logged in, what their
    phone number is, and what version of VNC they are using).
    Christopher Anderson, Nov 14, 2006
