AD computer last shutdown history

Question

HI,The below command executes AD user logon hisotry and need the similar but last shutdown history. kindly advice.

Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt Thanks

Answer 1

How about this?

$Filter = @{Logname='System'; ID=1074,6006,6008}
Get-WinEvent -FilterHashtable $Filter |
    Select-Object TimeCreated,MachineName,Id |
        Export-CSV -Path ShutdownLogPath -NoTypeInformation

Answer 2

Hi RichMatheisen-885

The above works but for local machine but looking for entire domain clients. any idea?

Answer 3

This should work for all the computers in the AD, but it's going to be slow if you have a substantial number of machines or if some of the machines are inaccessible when you query them (and you just know that's going to happen!). You might consider using Invoke-Command and wrapping the Get-WinEvent/Select-Object in a script block and omit the -Computer parameter. Using the output from the Get-ADComputer in the Invoke-Command's -Computer parameter will get you a level of parallelism and off-line machines, while they'll affect the overall execution time, won't stall the execution of the entire script while the connection times out.

$LogFilter = @{Logname='System'; ID=1074,6006,6008}
Get-ADComputer -Filter <filter-conditions> |
    ForEach-Object{
        Get-WinEvent -ComputerName $_.Name -FilterHashtable $LogFilter |
            Select-Object TimeCreated,MachineName,Id
    } | Export-CSV -Path ShutdownLogPath -NoTypeInformation

Answer 4

Hi, given that this post has been quiet for a while, this is a quick question and answer. Has your question been solved? If so, please mark it as an answer so that users with the same question can find and get help.
:)