Can anyone here share some script or explanation how can I use Powershell Get-WinEvent
to get some list of AD security event ?
I need the below information to see if any DOMAIN\Administrator
account is in use or not anymore by anyone in my AD domain.
Keywords: Audit Success
Logon Type: 3
Date: 13/09/2016 1:42:25 PM
Security ID: Domain\Administrator
Source Network Address: 10.188.15.19
Open in new window
Any help and suggestion would be greatly appreciated.