Tom Wong
asked on
PowerShell showing different result with event log
Dear all experts,
I run the following command in PowerShell and would like to obtain the security log details:
Get-EventLog -LogName Security -InstanceId 4662
However, I found that the result is not the same as in the event log: Object Name in the PowerShell result becomes a SID, but in the event log it shows the full DN of the object.
Is there any way to convert the SID to DN in PowerShell?
3.PNG
ASKER
Hi Alex,
How can I convert Object Name: {3a9dc152-f760-4995-80a7-1358cddf6ba3} to CN=LAB3-WS01,OU=Desktops,OU=Devices,OU=SLAM,DC=lab,DC=local?
ASKER CERTIFIED SOLUTION
ASKER
Hi oBdA,
Many thanks for your script, it is working. Just want to ask one more thing: is it possible to filter it by ObjectType inside the event log?
When I run the script, it shows a lot of events related to event ID 4662; however, some of them contain "DomainDNS", which is not included in my scope of results, and I would like to filter it out.
SOLUTION
ASKER
Thanks oBda, it works!
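An added example, not the script from the members-only answers (which are not on this page): one way to do both things asked in this thread, resolving the `%{GUID}` that event 4662 stores in ObjectName to a distinguished name and dropping events by ObjectType. The function names, the exclusion parameter and the sample event are assumptions made for illustration; the raw ObjectType field holds the schema class GUID, so the filter compares GUIDs rather than the rendered class name.

```powershell
function Resolve-AdGuidToDn {
    param([string]$Value)
    # 4662 stores AD objects as "%{guid}"; anything else is returned unchanged.
    if ($Value -notmatch '^%\{(?<g>[0-9a-fA-F-]{36})\}$') { return $Value }
    try {
        # LDAP GUID binding; needs a domain-joined host that can read the object.
        $dn = [string]([ADSI]"LDAP://<GUID=$($Matches.g)>").distinguishedName
        if ($dn) { return $dn }
    } catch { }
    return $Value   # unresolved: offline, deleted object or no permission
}

function ConvertFrom-Event4662 {
    param([Parameter(Mandatory)][xml]$EventXml, [string[]]$ExcludeObjectType = @())
    # Turn the <Data Name="..."> elements into a name/value lookup.
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    # Skip events whose object class GUID is on the exclusion list.
    if ($ExcludeObjectType -contains ([string]$data['ObjectType']).Trim('%{}')) { return }
    [pscustomobject]@{
        TimeCreated = $EventXml.Event.System.TimeCreated.SystemTime
        Subject     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        ObjectType  = $data['ObjectType']
        ObjectName  = Resolve-AdGuidToDn $data['ObjectName']
    }
}

# schemaIDGUID of the domainDNS class, as it appears in the raw ObjectType field.
$domainDns = '19195a5b-6da0-11d0-afd3-00c04fd930c9'

# Constructed sample event (not from the page); only the fields used above.
# The ObjectType GUID here is a constructed stand-in for a class that is not excluded.
$sample = [xml]@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4662</EventID><TimeCreated SystemTime="2024-01-01T00:00:00Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">sample.admin</Data>
    <Data Name="SubjectDomainName">LAB</Data>
    <Data Name="ObjectType">%{bf967a86-0de6-11d0-a285-00aa003049e2}</Data>
    <Data Name="ObjectName">%{3a9dc152-f760-4995-80a7-1358cddf6ba3}</Data>
  </EventData>
</Event>
'@
ConvertFrom-Event4662 -EventXml $sample -ExcludeObjectType $domainDns

# Live use on a domain controller (elevated session):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662 } | ForEach-Object {
#     ConvertFrom-Event4662 -EventXml ([xml]$_.ToXml()) -ExcludeObjectType $domainDns }
```

Off the domain the sample prints ObjectName still in `%{GUID}` form, because the lookup falls back to the raw value when the directory cannot be reached.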
If it's a local user
Run that with the local usernames and then match up the SID.