Powershell Tutorial: Getting Application Event Log for AD Computers

Powershell Event Log
Powershell Eventlog

Powershell Tutorial 3: Getting Application Event Log for AD Computers

I have a few users complaining that they were experiencing slow log on time. I needed to find out information from the Event logs to see what’s going on. I could go to each user’s computer and check, I could go into AD computers and manage the computer for each one of the users one by one. However I wanted a way to get the Event-log for each computer into one central location. I once again thought of Powershell. I created this little script to do the following for me:

  1.  Get all the computers from a specific Active Directory
  2. Sort through the  properties and get Get only the Name of the computer
  3. For each computer name Test Connectivity
  4. If test comes active or True  get Event Log
  5. If not active output error

 

#Get computer from AD

$pc = Get-AdComputer -Filter * -Property Name

#Get Only Name of Computer

$computers = $PC.Name

# Loop computer List
Foreach ($computer in $computers)
{

#Testing Connectivity to the computer
$Live = Test-Connection $computer -Quiet

#If alive, move to the next stage

IF($live -eq $True)

{

#Get Event Log with following information , Export as CSV File

Get-EventLog -LogName Application -EntryTyp Error -Newest 30 -ComputerName $computer| Select-object EventID,MachineName,EntryType,MEssage,TimeGenerated,TimeWritten,Username |export-csv C:PowershellLearning$computer.csv

}

else

{

"$computer is not on or can't connect to it"
}

}

 

Once this is done go to the directory where you defined to export the CSV file and good hunting.

 

Look over this and if you find anything I should be doing better let me know, or how would you approach this

 

Be the first to comment

Leave a Reply

Your email address will not be published.


*