locked
Trying to fetch logon success and logon failure event of Domain Controller for the credential validation using event viewer logs. RRS feed

  • General discussion

  • Actually in my script, i am trying to fetch logon success and logon failure events of domain users who are authenticated by that domain controller from the event viewer. 

    For this ,i am using event ID '4776' .But, i am not getting any logs in CSV. I looked the event viewer data for event id 4776, and my server contains both logs for Audit success and Audit failure for event id '4776'.

    can anyone help me in this. Also i want to fetch logon success and logon failure logs of the domain user who are authenticated by that domain controller. for this , i am using this code

    if ($i.EventID -eq 4776 ) -and (Keywords -eq '4503599627370496') //for logon failure events

    &

    ($i.EventID -eq 4776 ) -and (Keywords -eq '13510798882111488') //for logon success events

    but not getting my output.

    can anyone please help me in this.

    Thank you


    Monday, December 9, 2019 3:19 PM

All replies