My eyes nearly popped out of their sockets this morning. I was discussing this very problem with some colleagues only a couple of weeks ago and pretty much concluded that this is a very difficult problem to solve easily. Low and behold though, into my inbox popped a message about a tool now released onto microsoft.com to address this very issue. Although I haven't had a chance to play with it yet (this is really hot off the press), it isn't bullet proof as identifying concurrent logons where users can logon offline and in distributed environments with slow or intermittent WAN links is incredibly difficult.
Architecturally, there are three components to this download package: On the client, a login script and logoff script connects to a web-service which in turn communicates with an active directory partition holding the limitlogon information. Hence, you'll need an IIS server (to host the web-service) and a mechanism to deploy the client scripts (eg Group Policy or SMS).
Here's the download link - when downloaded and run, the installation files for Active Directory, IIS and the client, plus a help file documenting the process are expanded out. http://download.microsoft.com/download/f/d/0/fd05def7-68a1-4f71-8546-25c359cc0842/limitlogin.exe
Thxs for the info. and the tool