Solved

Get-WinEvent vs. Get-EventLog to get AD security log from multiple AD domain controllers ?

Posted on 2016-09-12
4
143 Views
Last Modified: 2016-09-12
Hi All,

Can anyone here share some script or explanation how can I use Powershell Get-WinEvent or Get-EventLog to get some list of AD security event ?

I need the below information to see if any DOMAIN\Administrator account is in use or not anymore by anyone in my AD domain.

        Keywords: Audit Success
        Logon Type: 3
        Date: 13/09/2016 1:42:25 PM
        Security ID: Domain\Administrator
      Source Network Address: 10.188.15.19

Open in new window



Any help and suggestion would be greatly appreciated.
0
Comment
  • 2
4 Comments
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41794245
You should rather have a look at the attribute "last logon".
https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-user-246f17c7
1
 
LVL 40

Accepted Solution

by:
Subsun earned 250 total points
ID: 41794335
To check if the account is in use or not you can check the Last Logon time as mentioned in McKnife.

Here is a good article which you can refer..
Ref : https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx

If you want to check logs then you can You can use the Get-WinEvent, an example can be found from the question which I answered recently..
https://www.experts-exchange.com/questions/28967041/How-to-see-Event-ID-1149-using-powershell-or-cmd-the-names-and-IPs-successfully-logged-in-my-remote.html
1
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 41795481
Cool, thanks guys !
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41795483
@Subsun, Thanks for the help.

@McKnife too you rocks !
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Computers reporting Windows patches applied 14 74
block folder inheritance 4 33
install .NET 3.5 on windows 10 13 45
Identify disabled AD users with PowerShell 6 34
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This article will help you understand what HashTables are and how to use them in PowerShell.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now