Solved

Get-WinEvent vs. Get-EventLog to get AD security log from multiple AD domain controllers ?

Posted on 2016-09-12
4
249 Views
Last Modified: 2016-09-12
Hi All,

Can anyone here share some script or explanation how can I use Powershell Get-WinEvent or Get-EventLog to get some list of AD security event ?

I need the below information to see if any DOMAIN\Administrator account is in use or not anymore by anyone in my AD domain.

        Keywords: Audit Success
        Logon Type: 3
        Date: 13/09/2016 1:42:25 PM
        Security ID: Domain\Administrator
      Source Network Address: 10.188.15.19

Open in new window



Any help and suggestion would be greatly appreciated.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41794245
You should rather have a look at the attribute "last logon".
https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-user-246f17c7
1
 
LVL 40

Accepted Solution

by:
Subsun earned 250 total points
ID: 41794335
To check if the account is in use or not you can check the Last Logon time as mentioned in McKnife.

Here is a good article which you can refer..
Ref : https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx

If you want to check logs then you can You can use the Get-WinEvent, an example can be found from the question which I answered recently..
https://www.experts-exchange.com/questions/28967041/How-to-see-Event-ID-1149-using-powershell-or-cmd-the-names-and-IPs-successfully-logged-in-my-remote.html
1
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 41795481
Cool, thanks guys !
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41795483
@Subsun, Thanks for the help.

@McKnife too you rocks !
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question