Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

How to Get Shutdown Time using PowerShell and ADAudit Plus

Shutdowns are critical events which IT administrators analyze to troubleshoot errors. Monitoring shutdown time is also crucial to an organization's security review and IT compliance requirements. Systems are vulnerable to physical-access attacks when the OS is down. Hence, auditing and generating device shutdown time reports is essential to spot anomalous behavior within the organization and ward off external cyber threats.

The following is a comparison between the procedures for monitoring computer shutdown time with Windows PowerShell and ADAudit Plus.

Powershell

How to get shutdown time using PowerShell

  • Identify the domain from which you want to retrieve the report.
  • Find the LDAP attributes you need to fetch the report.
  • Identify the primary DC to retrieve the report.
  • Compile the script.
  • Execute it in Windows PowerShell
  • The report will be exported in the specified format.
  • To obtain the report in a different format, modify the script accordingly.

Sample Windows PowerShell script

The following script parses the system event log for shutdown events and generates a report to gain insights on system shutdown.

Get-EventLog -LogName System -Source
"EventLog" -EntryType Error | Where {$_.EventID -eq 6008} | fl * | Out-File -Filepath 
C:\Users\sareeka-8466\Desktop\REport.html (Mention the location where report needs to be saved)
The report can be saved in .csv or .txt format by altering the same.
For Eg: Out-File -FilePath C:\Users\sareeka-8466\Desktop\REport.csv
how-to-get-shutdown-time-using-powershell

ADAudit Plus

Steps to get computer shut down time using ADAudit Plus

  • Navigate to Reports -> Local Logon-Logoff -> Computer Startup and Shutdown.
  • Select the required 'Domain' from the drop down option on the top right corner.
  • In the 'Domain' field found on the top right corner, select either the required domain or select 'All Domains'.
  • Select 'Export As' to export the report in any of the preferred formats (CSV, PDF, HTML, and XLS).
  • steps-to-get-computer-shut-down-time-using-adaudit-plus

In addition to the computer name and shutdown time, the following are some of the details provided by ADAudit Plus:

  • User who initiated the shutdown.
  • Shutdown type - provides information about whether the computer was shutdown or restarted.
  • The process that triggered shutdown.

The following are some limitations to obtaining a report on computer shutdown times using native tools like Windows PowerShell:

  • We can run this script only from the computers which have Active Directory Domain Services role.
  • To monitor the shutdown time for several computers, the script has to be executed each time. It is practically impossible while monitoring hundreds (or more) of computers in a domain.
  • Applying more filters will increase the LDAP query complexity.
  • In order to export the report in other formats, the script needs to be modified each time.
  • Getting reports in different date formats, and time zones can be challenging.

ADAudit Plus will automatically scan all DCs in the domain to retrieve information about shutdown time, generate the report and present it in a simple and intuitively designed UI.

  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  •  
  • By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.
  •  
  • Thanks!
  • Your download is in progress and it will be completed in just a few seconds! If you face any issues, download manually here.

Related Resources

ADAudit Plus Trusted By