Active Directory
sadgb, 2012-02-06 23:40:11

Active Directory log export

Hello.
I have a list of accounts (500 of them) for which I need to get an extract from the domain controller's EventLog; I am interested in logon and logoff events.
There are a lot of records in the domain, and exporting the entire EventLog is a hopeless idea: there is too much data and there is no filter by account (maybe I just didn't find it), and besides, it is inconvenient to select 500 people in the filter by hand.
I know their treebase and objectClass, if that helps.

I want to know: is there any way to solve my problem? What software solutions are there, or can a GUI make this easy to do?

As an assumption, let's imagine that we are a domain administrator with all rights.


3 answer(s)
navion, 2012-02-07
@navion

Login events can be caught by IDs 528 and 540. There are a couple of scripts here that parse the event log:
social.technet.microsoft.com/Forums/eu/winserverTS/thread/c4403e93-3f13-4bcb-add7-a0864085307c

Zakharov Alexander, 2012-02-07
@AlexZaharow

I want to make a small comment on this issue. In principle, working with the Windows log, not only on a domain controller but even on a simple computer, is still an ambush. The desire to process the log turns into a problem not only with logon/logoff, since it is very difficult to track the connection of events with each other. It is better to prepare for such events in advance, and not when the problem has risen to its full height. By the way, the suggestion of import/export in your situation is not without meaning, because you need a good text editor that can handle 100-200 MB of text. There is one - EditPadPro. Not free, of course, but ... I recommend it. It also has regular expressions. This will greatly simplify the task.

Dal, 2012-02-07
@Dal

Try PowerShell.
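
A sketch of the PowerShell route for the question above, added here as an example and not written by any of the posters: it pulls only the logon event IDs named in the thread (528 and 540) from the domain controller's Security log and keeps the records whose account is in the 500-name list. The DC name, file paths and time window are placeholders, and the insertion-string order (account, domain, logon ID, logon type) is an assumption about how those two events are laid out.

```powershell
# Added example (not from the thread). Requires Windows PowerShell, where the
# Get-EventLog cmdlet is available, and rights to read the DC's Security log.
param(
    [string]   $DomainController = 'dc01.example.test',     # placeholder DC name
    [string]   $AccountListPath  = '.\accounts.txt',        # assumed: one account name per line
    [long[]]   $EventId          = @(528, 540),             # logon IDs given in the thread
    [datetime] $After            = (Get-Date).AddDays(-7),  # assumed time window
    [string]   $OutputPath       = '.\logon-extract.csv'    # placeholder output file
)

# Load the account list into a hashtable; string keys compare case-insensitively,
# so 'JSmith' in the list matches 'jsmith' in the log.
$wanted = @{}
Get-Content -Path $AccountListPath | ForEach-Object {
    $name = $_.Trim()
    if ($name) { $wanted[$name] = $true }
}
if ($wanted.Count -eq 0) { throw "No account names found in $AccountListPath" }

# Ask the DC only for the chosen event IDs inside the time window, then keep
# the records whose first insertion string (assumed: account name) is listed.
Get-EventLog -LogName Security -ComputerName $DomainController `
             -InstanceId $EventId -After $After |
    Where-Object {
        $_.ReplacementStrings.Length -ge 4 -and
        $wanted.ContainsKey($_.ReplacementStrings[0])
    } |
    Select-Object TimeGenerated, InstanceId,
        @{ Name = 'Account';   Expression = { $_.ReplacementStrings[0] } },
        @{ Name = 'Domain';    Expression = { $_.ReplacementStrings[1] } },
        @{ Name = 'LogonId';   Expression = { $_.ReplacementStrings[2] } },
        @{ Name = 'LogonType'; Expression = { $_.ReplacementStrings[3] } } |
    Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8
```

To include logoff records, pass the logoff event ID for the controller's Windows version in `-EventId` alongside the logon IDs; the `LogonId` column is what ties a logoff record back to its logon.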
