Phone Get Quote
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

How to generate reports on failed login attempts using PowerShell and ADAudit Plus

The following is a comparison between the procedures of identifying failed login attempts with Windows PowerShell and ADAudit Plus:

Windows PowerShell

Steps to obtain a report on failed login attempts using PowerShell

  • Define the date of the event you want to look into.
  • Define the domain from where the report should be generated.
  • Define the Domain controller to retrieve the report from.
  • Define the format (CSV, HTML, XLS, PDF) of your log report.
  • Execute the script
  • Obtain the report in the format specified in the code

Identify failed login events


$Date= Get-date     
$DC= "Domain Controller name" 
$Report= "C:\ADreport.html" 
<title>Event Logs Report</title>
BODY{background-color :#FFFFF} 
TABLE{Border-width:thin;border-style: solid;border-color:Black;border-collapse: collapse;} 
TH{border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color: ThreeDShadow} 
TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color: Transparent} 
$eventsDC= Get-Eventlog security -Computer $DC -InstanceId 4625 -After (Get-Date).AddDays(-7) | 
   Select TimeGenerated,ReplacementStrings | 
   % { 
     New-Object PSObject -Property @{ 
      Source_Computer = $_.ReplacementStrings[13] 
      UserName = $_.ReplacementStrings[5] 
      IP_Address = $_.ReplacementStrings[19] 
      Date = $_.TimeGenerated 
  $eventsDC | ConvertTo-Html -Property Source_Computer,UserName,IP_Address,Date -head $HTML -body "

Gernerated On $Date

"| Out-File $Report -Append
Click to copy entire script

ADAudit Plus

Steps to obtain a report on failed login attempts using ADAudit Plus

  • Login to ADAudit Plus web console using administrator credential. Navigate to the 'Reports' tab in the ADAudit Plus Dashboard.
  • Select 'User Logon Reports' tab in the left pane. Then select the 'Logon Failures' report from the panel.
  • You can also choose to export this report in the desired format (CSV, HTML, XLS, and PDF) using the export option.



Why ADAudit Plus is the better solution to get failed logon reports

  • ADAudit Plus allows you to easily navigate between a variety of logon activity reports like 'Logon failures based on users' 'User's last logon', 'Logon based on DC' and many more.
  • Easily get to know the reasons for logon failures that will speed up your incident investigation process.
  • ADAudit Plus allows you to export reports in the desired format with a single click easily.
  • Advanced filter options to save you the trouble of creating complex LDAP queries.
  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  • By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.
  • Thanks!
  • Your download is in progress and it will be completed in just a few seconds! If you face any issues, download manually here.

Related Resources

ADAudit Plus Trusted By