troubleshooting Question

I need help with a script to pull information from AD

Avatar of FAC_IT
FAC_ITFlag for United States of America asked on
Active DirectoryPowershell
3 Comments1 Solution241 ViewsLast Modified:
I found a script that is suppost to login and logout information.  I need to find login and logout information about a user and the event logs don't go back that far.  I would think that AD would have that information.  Here is the script that I have.  I am useing Server 2008 R2 SP1.  I would like some help to figure this out.  I know that the computer is wrong but, I don't know have to intergrate the user.  I will be using the SAMname.  The information is from a month back.  I am not sure how long AD keeps that information.
 

$UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier
 $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}}
 $TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}}
 $TimeProeprty = @{n="Time";e={$_.TimeGenerated}}
 Get-EventLog System -Source Microsoft-Windows-Winlogon -ComputerName $Computer name goes here | select $UserProperty,$TypeProperty,$TimeProeprty
 

Thanks for your help.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 3 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros