• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 535
  • Last Modified:

Get-WinEvent vs. Get-EventLog to get AD security log from multiple AD domain controllers ?

Hi All,

Can anyone here share some script or explanation how can I use Powershell Get-WinEvent or Get-EventLog to get some list of AD security event ?

I need the below information to see if any DOMAIN\Administrator account is in use or not anymore by anyone in my AD domain.

        Keywords: Audit Success
        Logon Type: 3
        Date: 13/09/2016 1:42:25 PM
        Security ID: Domain\Administrator
      Source Network Address: 10.188.15.19

Open in new window



Any help and suggestion would be greatly appreciated.
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
  • 2
2 Solutions
 
McKnifeCommented:
You should rather have a look at the attribute "last logon".
https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-user-246f17c7
1
 
SubsunCommented:
To check if the account is in use or not you can check the Last Logon time as mentioned in McKnife.

Here is a good article which you can refer..
Ref : https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx

If you want to check logs then you can You can use the Get-WinEvent, an example can be found from the question which I answered recently..
https://www.experts-exchange.com/questions/28967041/How-to-see-Event-ID-1149-using-powershell-or-cmd-the-names-and-IPs-successfully-logged-in-my-remote.html
1
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Cool, thanks guys !
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
@Subsun, Thanks for the help.

@McKnife too you rocks !
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now