Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

How to generate reports on failed login attempts using PowerShell and ADAudit Plus

The following is a comparison between the procedures of identifying failed login attempts with Windows PowerShell and ADAudit Plus:

Windows PowerShell

Steps to obtain a report on failed login attempts using PowerShell

  • Define the date of the event you want to look into.
  • Define the domain from where the report should be generated.
  • Define the Domain controller to retrieve the report from.
  • Define the format (CSV, HTML, XLS, PDF) of your log report.
  • Execute the script
  • Obtain the report in the format specified in the code

Identify failed login events

Code:

$Date= Get-date     
 
$DC= "Domain Controller name" 
 
$Report= "C:\ADreport.html" 
 
$HTML=@" 
<title>Event Logs Report</title>
 
BODY{background-color :#FFFFF} 
TABLE{Border-width:thin;border-style: solid;border-color:Black;border-collapse: collapse;} 
TH{border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color: ThreeDShadow} 
TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color: Transparent} 
 
"@ 
 
$eventsDC= Get-Eventlog security -Computer $DC -InstanceId 4625 -After (Get-Date).AddDays(-7) | 
   Select TimeGenerated,ReplacementStrings | 
   % { 
     New-Object PSObject -Property @{ 
      Source_Computer = $_.ReplacementStrings[13] 
      UserName = $_.ReplacementStrings[5] 
      IP_Address = $_.ReplacementStrings[19] 
      Date = $_.TimeGenerated 
    } 
   } 
    
  $eventsDC | ConvertTo-Html -Property Source_Computer,UserName,IP_Address,Date -head $HTML -body "

Gernerated On $Date

"| Out-File $Report -Append
 Copied
Click to copy entire script

ADAudit Plus

Steps to obtain a report on failed login attempts using ADAudit Plus

  • Login to ADAudit Plus web console using administrator credential. Navigate to the 'Reports' tab in the ADAudit Plus Dashboard.
  • Select 'User Logon Reports' tab in the left pane. Then select the 'Logon Failures' report from the panel.
  • You can also choose to export this report in the desired format (CSV, HTML, XLS, and PDF) using the export option.

Screenshot

powershell-get-current-logged-on-user-1
 

Why ADAudit Plus is the better solution to get failed logon reports

  • ADAudit Plus allows you to easily navigate between a variety of logon activity reports like 'Logon failures based on users' 'User's last logon', 'Logon based on DC' and many more.
  • Easily get to know the reasons for logon failures that will speed up your incident investigation process.
  • ADAudit Plus allows you to export reports in the desired format with a single click easily.
  • Advanced filter options to save you the trouble of creating complex LDAP queries.
  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  •  
  • By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.
  •  
  • Thanks!
  • Your download is in progress and it will be completed in just a few seconds! If you face any issues, download manually here.

Related Resources

ADAudit Plus Trusted By