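# Builds a logon/logoff history for one remote computer from the Winlogon
# events in its System log (7001 = logon, 7002 = logoff), then enriches every
# row with the user's Manager and Department from Active Directory.
#
# Output: "<computer> Logon History v1.csv" (raw events) and
#         "<computer> Logon History v2.csv" (with Manager and Department).
# NOTE(review): both files hold per-user logon times; confirm that the output
# folder is readable only by the people who are meant to see them.

# The original hard-coded the host in the query but built the file names from
# an undefined $Computer; one variable now drives both.
$Computer = 'REMOTE-COMPUTER-01'
$CsvV1 = "C:\AMD\$Computer Logon History v1.csv"
$CsvV2 = "C:\AMD\$Computer Logon History v2.csv"

Write-Host "Gathering Event Logs, this can take awhile..."

# Filter on the remote side. Without the provider filter, unrelated System-log
# events that reuse IDs 7001/7002 would be treated as logons and their second
# field passed to the SID translation below.
$Filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Winlogon'
    Id           = 7001, 7002
}

# -Credential with a bare user name prompts for the password, so no secret is
# stored in the script. The credential applies to the event-log query only; the
# Get-ADUser calls below run as the current user.
try {
    $ELogs = Get-WinEvent -ComputerName $Computer -Credential AD\T2User -FilterHashtable $Filter -ErrorAction Stop
}
catch {
    # "No matching events" is an empty result, not a failure; anything else
    # (access denied, host unreachable) must stay visible.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $ELogs = @()
    }
    else {
        throw
    }
}

# Collect into an array. The original used += on an uninitialised $Result,
# which fails on the second event because a PSObject has no op_Addition.
$Result = @(
    If ($ELogs) {
        Write-Host "Processing logon..."
        ForEach ($Log in $ELogs) {
            # Get-WinEvent returns EventLogRecord objects: Id / TimeCreated /
            # Properties, not the InstanceId / TimeWritten / ReplacementStrings
            # of Get-EventLog that the original read (and so never matched).
            switch ($Log.Id) {
                7001    { $ET = "Logon" }
                7002    { $ET = "Logoff" }
                default { continue }
            }

            # Index 1 mirrors ReplacementStrings[1] in the original.
            # NOTE(review): expected to be the user SID - confirm on a sample event.
            $Sid = $Log.Properties[1].Value
            try {
                $User = ([System.Security.Principal.SecurityIdentifier]$Sid).Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                # Deleted or unresolvable accounts: keep the raw SID instead of
                # aborting the whole report.
                $User = "$Sid"
            }

            New-Object PSObject -Property @{
                Time         = $Log.TimeCreated
                'Event Type' = $ET
                User         = $User
            }
        }
    }
)
#$Result | Select Time,"Event Type",User | Sort Time -Descending | Out-GridView

$Result | Select-Object Time, 'Event Type', User | Sort-Object Time -Descending | Export-Csv -Path $CsvV1 -NoTypeInformation

# Trim AD\ (in memory only) so that Get-ADUser can resolve the account, then add
# Manager and Department to every row. Each distinct user is looked up once and
# cached; the original queried AD up to three times per row.
$AdCache = @{}
Import-Csv -Path $CsvV1 | ForEach-Object {
    $Sam = $_.User -replace '^AD\\', ''

    If (-not $AdCache.ContainsKey($Sam)) {
        $Info = @{ Manager = $null; Department = $null }
        try {
            $AdUser = Get-ADUser -Identity $Sam -Properties Manager, Department -ErrorAction Stop
            $Info.Department = $AdUser.Department
            # Users without a manager would otherwise pass $null to Get-ADUser.
            If ($AdUser.Manager) {
                $Info.Manager = (Get-ADUser -Identity $AdUser.Manager -ErrorAction Stop).SamAccountName
            }
        }
        catch {
            # Local, machine or deleted accounts are not in AD; leave the two
            # columns empty and report it rather than stop the export.
            Write-Warning "AD lookup failed for '$Sam': $($_.Exception.Message)"
        }
        $AdCache[$Sam] = $Info
    }

    $_ | Select-Object *,
        @{ Name = 'Manager';    Expression = { $AdCache[$Sam].Manager } },
        @{ Name = 'Department'; Expression = { $AdCache[$Sam].Department } }
} | Export-Csv -Path $CsvV2 -NoTypeInformation

Write-Host "Done."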