Solved

Powershell script for getting remote Security event logs on DCs

Posted on 2009-07-16
3
1,375 Views
Last Modified: 2012-06-21
OK, I've looked all over for a good answer but haven't had much luck.  I need to remotely search my Server 2008 DCs for all User Account Lockouts (Security event 4740, I believe) for the past 24 hours only and save this to a text file.  I also only need the following data in the file:

(1) Logged (date/time)
(2) TargetUserName (domain user ID)
(3) TargetDomainName (the PC/Server where the account locked)

I would like to use PowerShell for this.  Any help would be appreciated.
0
Comment
Question by:sanderson321
3 Comments
 
LVL 4

Expert Comment

by:solomonacquah
ID: 24874147
There is a nice tool you get get called EventLog Monitor via http://www.jdhitsolutions.com/scripts.htm
0
 
LVL 6

Accepted Solution

by:
pilozite earned 500 total points
ID: 24874419
Did you read this post from MoW ? http://mow001.blogspot.com/2006/12/powershell-access-remote-eventlogs.html

using .NET getEventLog, you can retrieve any kind of information in remote event logs.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 24875888
you could also use inbuilt event log forwarding to a central server and then filter them by event ID and dump to a file....
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now