CONTEXT-AWARE LOCATOR

Multi-Vector Identity Locator.

Find any user on the network instantly. This intelligence engine utilizes a cascading fallback logic, pivoting through historical JSON telemetry, Active Directory attributes, and targeted WMI sweeps to locate users who are hot-desking or using shared kiosks.

SEE HOW IT WORKS

Intelligence Engine ● SEARCHING

[UHDC] FIND USER ON NETWORK: jsmith

[1] Resolving AD identity...

> Resolved: John Smith (OU=Accounting)

[2] Checking historical telemetry...

> LAPTOP-US-4829 is OFFLINE. Fallback initiated.

[3] OU Pivot: Scanning subnet OU=Computers,OU=Accounting...

> Scanning 42 computers... (Match found on #14)

[UHDC SUCCESS] DESKTOP-HQ-9912 (jsmith)

[INTEL] Auto-Filled Target PC to Action panels.

Cascading Fallback Logic

When a user calls in from a shared conference room and doesn't know the computer name, you cannot remote in. Scanning the entire 5,000-node domain takes too long. This engine uses context to narrow the search radius, finding the user in seconds.

Vector 1: History Check

The engine first checks the central UserHistory.json database. It sends a rapid WMI query to the user's last known PC. If they are still there, the search finishes instantly.

Vector 2: OU Pivoting

If the user's primary PC is offline, it parses their AD profile. If they work in the "Accounting" OU, it dynamically rewrites the LDAP query to pull a list of computers exclusively located in the Accounting department.

Vector 3: Rapid Polling

It iterates through the narrowed list of department PCs using a highly aggressive 500ms ICMP ping timeout to skip offline machines, followed by a Win32_ComputerSystem WMI query to find the active user.

INTERACTIVE TRAINING ENGINE

⭐ 350 XP

How Junior Techs Learn This Tool:

While the UHDC automates a complex 3-stage hunt (Local DB -> Intune -> AD Subnet Sweep) to find a user, a junior technician must know how to manually check who is logged into a specific computer. The training engine teaches them how to use the classic Windows Management Instrumentation Command-line (WMIC) utility to instantly query a remote PC from a standard command prompt.

wmic /node:"TargetPC" computersystem get username

The In-Person Equivalent

Checking your personal notes to see where the user usually sits, checking the cloud asset management portal, and finally walking the floor of their department to check the lock screen of every active computer.

Technical Q&A

Q: Why doesn't the script just scan the entire Active Directory environment?

Performance and safety. Scanning 5,000 computers sequentially via WMI could take 15 to 30 minutes, which is useless when a user is waiting on the phone. Furthermore, aggressive global WMI sweeps can trigger intrusion detection systems (IDS) or be flagged as lateral movement by security teams. By pivoting off the user's OU, we reduce the scan target to a highly localized, logical subnet, returning results in seconds.

Q: What happens if the user's AD profile doesn't have a clean OU structure?

The script is designed to fail safely. If it cannot determine a logical, narrowed scope to scan (e.g., the user is in the default CN=Users container), it will abort the operation and display: [X] ABORTING: User context (OU) not found. Global Scanning is disabled for performance/safety. This prevents the script from accidentally initiating a domain-wide sweep.

Q: Does this tool find users who are connected via VPN or Remote Desktop?

Yes. The Win32_ComputerSystem WMI class registers the primary user logged into the Windows session, regardless of whether they are physically at the keyboard or connected via a corporate VPN tunnel, as long as the endpoint is reachable over the network.