Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 460
  • Last Modified:

Get-WinEvent vs. Get-EventLog to get AD security log from multiple AD domain controllers ?

Hi All,

Can anyone here share some script or explanation how can I use Powershell Get-WinEvent or Get-EventLog to get some list of AD security event ?

I need the below information to see if any DOMAIN\Administrator account is in use or not anymore by anyone in my AD domain.

        Keywords: Audit Success
        Logon Type: 3
        Date: 13/09/2016 1:42:25 PM
        Security ID: Domain\Administrator
      Source Network Address: 10.188.15.19

Open in new window



Any help and suggestion would be greatly appreciated.
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
  • 2
2 Solutions
 
McKnifeCommented:
You should rather have a look at the attribute "last logon".
https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-user-246f17c7
1
 
SubsunCommented:
To check if the account is in use or not you can check the Last Logon time as mentioned in McKnife.

Here is a good article which you can refer..
Ref : https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx

If you want to check logs then you can You can use the Get-WinEvent, an example can be found from the question which I answered recently..
https://www.experts-exchange.com/questions/28967041/How-to-see-Event-ID-1149-using-powershell-or-cmd-the-names-and-IPs-successfully-logged-in-my-remote.html
1
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Cool, thanks guys !
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
@Subsun, Thanks for the help.

@McKnife too you rocks !
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now