Powershell Tutorial 3: Getting Application Event Log for AD Computers
I have a few users complaining that they were experiencing slow log on time. I needed to find out information from the Event logs to see what’s going on. I could go to each user’s computer and check, I could go into AD computers and manage the computer for each one of the users one by one. However I wanted a way to get the Event-log for each computer into one central location. I once again thought of Powershell. I created this little script to do the following for me:
- Get all the computers from a specific Active Directory
- Sort through the properties and get Get only the Name of the computer
- For each computer name Test Connectivity
- If test comes active or True get Event Log
- If not active output error
#Get computer from AD
$pc = Get-AdComputer -Filter * -Property Name
#Get Only Name of Computer
$computers = $PC.Name
# Loop computer List
Foreach ($computer in $computers)
{
#Testing Connectivity to the computer
$Live = Test-Connection $computer -Quiet
#If alive, move to the next stage
IF($live -eq $True)
{
#Get Event Log with following information , Export as CSV File
Get-EventLog -LogName Application -EntryTyp Error -Newest 30 -ComputerName $computer| Select-object EventID,MachineName,EntryType,MEssage,TimeGenerated,TimeWritten,Username |export-csv C:PowershellLearning$computer.csv
}
else
{
"$computer is not on or can't connect to it"
}
}
Once this is done go to the directory where you defined to export the CSV file and good hunting.
Look over this and if you find anything I should be doing better let me know, or how would you approach this