This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 31%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Hi ALL
I am using below script to get the event IDs from all dcs but not getting desired result. Please help to get get eveint Ids from all dcs in domain
Import-module Activedirectory
$dcs = Import-Csv C:\temp\allDcs.csv
$dcs | % {
$DCS = $_.name
try
{
get-winevent -FilterHashtable @{Logname='System';ID=5829,5830} -MaxEvents 1 -ComputerName $DCS |
Select MachineName,EventID,TimeWritten,message| Export-Csv 529.csv -NTI
}
Catch
{
Add-Content "$DCS $_ " -path c:\temp\UnreachableDCs.txt
}
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
I'm guessing that the data you export doesn't have the properties you expected? See if this works better:
$DomainName = (Get-ADDomain).DNSRoot
(Get-ADDomainController -Filter * -Server $DomainName).HostName |
ForEach-Object{
$DC = $_
Try{
Get-Winevent -FilterHashtable @{Logname='System';ID=5829,5830} -MaxEvents 1 -ComputerName $DC |
Select-Object MachineName,ID,TimeCreated,Message |
Export-Csv 529.csv -NTI
}
Catch{
$Err = $_ | Out-String
Add-Content "$DC $Err " -path c:\temp\UnreachableDCs.txt
}
}
Note that this will only get the Domain Controllers in your domain and not the entire forest. If you have a multi-domain forest you can certainly get the list of domains in the forest and for each domain get the names of all the domain controllers in each domain.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIX%3C/text%3E%3C/svg%3E)
Hi,
The EventLogRecord objects got by Get-WinEvent have no "EventID" and "TimeWritten" properties. You can select the properties "Id" and "TimeCreated" instead.
https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.eventing.reader.eventlogrecord
Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.