$domainControllers = Get-ADDomainController -Filter *$eventIDs = 39,40,41$re

1. $domainControllers = Get-ADDomainController -Filter *
2. $eventIDs = 39,40,41
3. $regex = [regex]::new("User:.*")
4. $results = @()
5. foreach ($dc in $domainControllers) {
6. Write-Host "Querying $($dc.Name)..."
7. $events = Get-WinEvent -ComputerName $dc -FilterHashtable @{LogName='System';Id=$eventIDs} | where {$_.ProviderName -eq "Microsoft-Windows-Kerberos-Key-Distribution-Center"} | Select-Object TimeCreated, Id, Message, MachineName
8. $results += $events
9. }
10.  
11. $arr = @()
12. foreach ($event in $results) {
13. $msg = ($regex.Match($event.message).Value).replace("User: ","").replace('$','').Trim()
14. $obj = [pscustomobject]@{
15. Computer = $event.machineName
16. Time = $event.timecreated
17. ID = $event.ID
18. Message = $msg
19. }
20. $arr += $obj
21. }
22. $arr | sort time -desc | ft