Get-WinEvent vs. Get-EventLog to get AD security log from multiple AD domain controllers ?

Hi All,

Can anyone here share some script or explanation how can I use Powershell Get-WinEvent or Get-EventLog to get some list of AD security event ?

I need the below information to see if any DOMAIN\Administrator account is in use or not anymore by anyone in my AD domain.

        Keywords: Audit Success
        Logon Type: 3
        Date: 13/09/2016 1:42:25 PM
        Security ID: Domain\Administrator
      Source Network Address:

Open in new window

Any help and suggestion would be greatly appreciated.
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?
SubsunConnect With a Mentor Commented:
To check if the account is in use or not you can check the Last Logon time as mentioned in McKnife.

Here is a good article which you can refer..
Ref :

If you want to check logs then you can You can use the Get-WinEvent, an example can be found from the question which I answered recently..
McKnifeConnect With a Mentor Commented:
You should rather have a look at the attribute "last logon".
Senior IT System EngineerIT ProfessionalAuthor Commented:
Cool, thanks guys !
Senior IT System EngineerIT ProfessionalAuthor Commented:
@Subsun, Thanks for the help.

@McKnife too you rocks !
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.