Pricing Teams Resources Try for free Log In

Come for the solution, stay for everything else.

Welcome to our community! We’re working tech professionals who love collaborating.

troubleshooting Question

Create a PowerShell script that would  get the last 30 days history logon of Domain Admin member

Mohammed Hamada asked on 12/3/2019

9 Comments1 Solution92 ViewsLast Modified: 9/17/2020

Dear All,

I would like to write a Power Shell script that would do the following:
- If the user is member of (Domain admins) get me the last 30 days history logon of this user in any Domain joined computer.

I created something now but it still lacks a lot as it reads the security events on the Domain controller and brings the users,time and matches them with the Domain admin group as in the attached screenshot

I would appreciate if someone can help me evolve this script into something useful

$Rusers = Get-WinEvent  -Computer dc02 -FilterHashtable @{Logname='Security';ID=4672} -MaxEvents 50 |
 `   select @{N='User';E={$_.Properties[1].Value}},TimeCreated
 
$DAUsers = Get-ADGroupMember -Identity "Domain Admins"

Foreach ($DAUser in $DAUsers){
$DomainUser = $DAUser.SamAccountName

foreach ($Ruser in $Rusers){
$RAUser = $Ruser.User

If ($RAUser -match $DomainUser){
Write-Host $Ruser is domain admin }
}
}

Screenshot_1.jpg

Comment

Watch Question

ASKER CERTIFIED SOLUTION

Mohammed Hamada

Azure / Office 365 Integration engineer

Join our community to see this answer!

Unlock 1 Answer and 9 Comments.

Start Free Trial

Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert

See if this solution works for you by signing up for a 7 day free trial.

Unlock 1 Answer and 9 Comments.

Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.