Wednesday, September 13, 2017

WINDOWS. PS. Event Viewer. Search Events

If you have several domain controllers and need to look for a specific event, you can use these commands:


[ ] Search on ALL domain controllers

COMMAND: Get-EventLog -ComputerName (([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).FindAllDomainControllers() | ForEach-Object { $_.Name }) -LogName Security -InstanceId 4740 -Message "*USERNAME*" | Format-List TimeGenerated, Message




[ ] Search on one domain controller

COMMAND: Get-EventLog -ComputerName xxxxDC01 -LogName Security -InstanceId 4769 | Format-List TimeGenerated, Message


COMMAND: Get-EventLog -ComputerName ServerDC -LogName Security -InstanceId 4740 -Message "*USERNAME*" | Format-List TimeGenerated, Message
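
The same lockout search (event 4740) across every domain controller, as an added example that is not part of the original post: it uses Get-WinEvent so the event ID and time window are filtered on the server, and it returns the caller computer as a field instead of the raw message. The function name Find-LockoutEvent and its parameters are hypothetical; it assumes the account running it can read the Security log on each DC.

```powershell
# Added example (not from the original post).
# Find-LockoutEvent, -UserName and -Days are hypothetical names.
function Find-LockoutEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [int] $Days = 7
    )

    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $filter = @{
        LogName   = 'Security'
        Id        = 4740                        # account locked out
        StartTime = (Get-Date).AddDays(-$Days)
    }

    foreach ($dc in $domain.FindAllDomainControllers()) {
        try {
            $events = Get-WinEvent -ComputerName $dc.Name -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            # "No matching events" is a normal result; any other error means
            # this DC was NOT searched, so report it instead of hiding it.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                Write-Warning "$($dc.Name): $($_.Exception.Message)"
            }
            continue
        }

        foreach ($e in $events) {
            # 4740 event data: index 0 = locked-out account, index 1 = caller computer
            if ($e.Properties[0].Value -eq $UserName) {
                [pscustomobject]@{
                    TimeCreated      = $e.TimeCreated
                    DomainController = $dc.Name
                    User             = $e.Properties[0].Value
                    CallerComputer   = $e.Properties[1].Value
                }
            }
        }
    }
}

# USERNAME is the same placeholder used in the commands above.
Find-LockoutEvent -UserName 'USERNAME' | Sort-Object TimeCreated | Format-Table -AutoSize
```

A warning for a domain controller means its log was not read, so an empty result is only conclusive when no warnings were printed.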


Another option is to use Windows event forwarding: http://gonsystem.blogspot.com.es/2016/07/windows-suscripciones-y-envio-de.html

REF: 
http://jeffwouters.nl/index.php/2012/05/powershell-searching-for-the-cause-of-a-user-account-that-keeps-getting-locked-out/




Checked on Windows 2012 R2
by GoN | Published: September 14, 2017 | Last Updated: 
