troubleshooting Question

Create a PowerShell script that would  get the last 30 days history logon of Domain Admin member

Avatar of Mohammed Hamada
Mohammed HamadaFlag for Portugal asked on
Powershell* auditingActive Directory
9 Comments1 Solution92 ViewsLast Modified:
Dear All,

I would like to write a Power Shell script that would do the following:
- If the user is member of (Domain admins) get me the last 30 days history logon of this user in any Domain joined computer.

I created something now but it still lacks a lot as it reads the security events on the Domain controller and brings the users,time and matches them with the Domain admin group as in the attached screenshot

I would appreciate if someone can help me evolve this script into something useful

$Rusers = Get-WinEvent  -Computer dc02 -FilterHashtable @{Logname='Security';ID=4672} -MaxEvents 50 |
 `   select @{N='User';E={$_.Properties[1].Value}},TimeCreated
$DAUsers = Get-ADGroupMember -Identity "Domain Admins"

Foreach ($DAUser in $DAUsers){
$DomainUser = $DAUser.SamAccountName

foreach ($Ruser in $Rusers){
$RAUser = $Ruser.User

If ($RAUser -match $DomainUser){
Write-Host $Ruser is domain admin }
Mohammed Hamada
Azure / Office 365 Integration engineer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 9 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 9 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros