Check-WinEvents-Prompted.ps1

‘Check-WinEvents-Prompted.ps1’
#*************************************************************************************************************
# Script Name : Get-Latest-WinEvent-Prompted-DCs
# Purpose : Check Latest Event log for DCs chosen
# Date : #.\Get-UpdateDate.ps1 3:32 PM 3/13/2024
# – Initial version
# Date : #.\Get-UpdateDate.ps1 1:12 PM 3/14/2024
# – Updated to reflect specific events, added credentials, added prompts
# Author : Patrick Burwell
#*************************************************************************************************************
# Work from the script's home folder.
Set-Location D:\PowerShell

# Disabled single-DC assignment left in place from the original:
#$DC= "mydc01"

# Ask which domain controllers to query. Only an answer of "R"
# (case-insensitive) narrows the run to writable DCs; every other answer,
# including an empty one, selects all DCs with the read-only ones included.
$ChoiceQuestion = Read-Host -Prompt "Do you want to run against RWDCs or all the DCs (includes RODCs)? Choice: ‘R’ for RWDC"
if ($ChoiceQuestion -ine "R") {
    $DCChoice = "AllDCs"
    Write-Host "You have chosen all the Domain Controllers"
    $DCLists = Get-ADDomainController -Filter * | Select-Object -ExpandProperty Name
}
else {
    $DCChoice = "RWDCs"
    $DCLists = Get-ADDomainController -Filter {IsReadOnly -eq $False} | Select-Object -ExpandProperty Name
}
# The query loop iterates $DCList; $DCLists is kept as the raw lookup result.
$DCList = $DCLists

# Only "Y" (case-insensitive) turns on latest-event mode; anything else leaves it off.
$LastEventPrompt = Read-Host -Prompt "Do you want to get the last event? (Y/N)"
$GetLastEvent = ($LastEventPrompt -ieq "Y")
# … rest of your script …
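# Date stamp (yyyyMMdd) used as the first part of the report file name.
$day = Get-Date -Format 'yyyyMMdd'

# Build the report path as <day>-<Testingfor>-<DCChoice>-WinEvents-Results.csv.
# $Testingfor is not assigned anywhere in the visible script, so empty parts are
# dropped instead of leaving a dangling "--" in the name.
# NOTE(review): the report holds event text pulled from domain controllers;
# confirm the reports folder is readable only by the people who need it.
$reportDir = 'd:\powershell\reports'
if (-not (Test-Path -LiteralPath $reportDir)) {
    # Export-Csv does not create missing folders, so make sure the target exists
    # before any remote query is run.
    New-Item -ItemType Directory -Path $reportDir | Out-Null
}
$nameParts = @($day, $Testingfor, $DCChoice, 'WinEvents', 'Results') | Where-Object { $_ }
$OutputFile = Join-Path -Path $reportDir -ChildPath (($nameParts -join '-') + '.csv')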
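# Query the System log on every selected DC and append one CSV row per event found.
# Reads $DCList, $GetLastEvent, $EventPrompt and $OutputFile set earlier in the script.
# Get-WinEvent is called without -Credential, so each remote query runs as the
# account that launched the script.
# A DC that cannot be queried is reported on the console only and gets no CSV row,
# so a DC missing from the report means "not collected", not "nothing to report".

# $EventPrompt is not assigned anywhere in the visible script; normalise it to an
# array so an unset value results in zero lookups rather than undefined behaviour.
$eventIds = @($EventPrompt | Where-Object { $_ })
if (-not $GetLastEvent -and $eventIds.Count -eq 0) {
    Write-Host 'No event IDs were supplied in $EventPrompt; nothing will be queried.'
}

foreach ($DC in $DCList) {
    # Start each DC with an empty result set so an event fetched from a previous
    # DC can never be exported under this DC's name.
    $foundEvents = @()

    if ($GetLastEvent) {
        # Latest-event mode: the single newest System event, whatever its ID.
        try {
            $foundEvents += Get-WinEvent -ComputerName $DC -MaxEvents 1 -ErrorAction Stop -Force -Oldest:$False -FilterHashtable @{LogName='System'}
        } catch {
            Write-Host "Error getting events from $DC $_"
            continue
        }
    } else {
        # Per-ID mode: the newest System event for each requested ID. Results are
        # accumulated so every ID is exported, not only the last one queried.
        foreach ($id in $eventIds) {
            try {
                $foundEvents += Get-WinEvent -ComputerName $DC -MaxEvents 1 -ErrorAction Stop -Force -Oldest:$False -FilterHashtable @{LogName='System'; ID=$id}
            } catch {
                # With -ErrorAction Stop a lookup that matches no events also lands here.
                Write-Host "Error getting events from $DC $_"
                continue
            }
        }
    }

    foreach ($evt in $foundEvents) {
        if ($null -eq $evt) {
            continue
        }

        $properties = @{
            TimeCreated = $evt.TimeCreated
            Message     = $evt.Message | Out-String
            Computer    = $DC
            EventID     = $evt.Id
        }

        # Short console summary: DC, time, event ID.
        Write-Host "$($properties.Computer),$($properties.TimeCreated),$($properties.EventID)"

        # Append the row to the report.
        # Message is free text taken from the event log and may contain strings
        # chosen by whatever wrote the event. Export-Csv does not neutralise cells
        # that begin with = + - or @, so import the report as text rather than
        # opening it directly in a spreadsheet.
        New-Object PSObject -Property $properties |
            Select-Object Computer, EventID, TimeCreated, Message |
            Export-Csv -Path $OutputFile -Append -NoTypeInformation
    }
}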

