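# Pulls the newest entries from selected event logs on a domain controller
# and writes them to a dated CSV file in the current user's Documents folder.
#
# Get-EventLog ships with Windows PowerShell 5.1 and is absent from
# PowerShell 6+, where Get-WinEvent is the replacement.
$today = (Get-Date -Format "MM-dd-yyyy")
# Stuff you may want to change #
$csv_output_path = "$ENV:USERPROFILE\Documents\active-directory-logs--$today.csv"
$logs_after = "01-21-2022" # January 21, 2022 (format: MM-dd-yyyy)
$domain_controller = 'dc1'
# The number of newest log entries you want to receive per log. Higher number takes longer.
# Only the newest $limit entries after $logs_after are returned, so the CSV is
# a sample of recent activity, not a complete record of the date range.
$limit = 50
################################
$log_types = @('Directory Service', 'Security')

# Parse the cut-off date with an explicit format and the invariant culture.
# Handing the bare string to -After lets the session culture decide whether
# "01-21-2022" is month-first or day-first, which fails or shifts the window
# on hosts that are not en-US.
$after_date = [datetime]::ParseExact(
    $logs_after,
    'MM-dd-yyyy',
    [System.Globalization.CultureInfo]::InvariantCulture
)

# CSV columns, in output order.
# NOTE(review): several of these names (e.g. Entries, Log, MaximumKilobytes,
# OverflowAction) appear to be members of the log object rather than of
# individual entries, so expect those columns to be blank. They are kept so
# the CSV layout stays the same for existing consumers.
$properties = @(
    "Category", "CategoryNumber", "Container",
    # Data is a byte array; without flattening, Export-Csv writes the type
    # name ("System.Byte[]") instead of the bytes.
    @{ Name = "Data"; Expression = {
            if ($null -ne $_.Data -and $_.Data.Length -gt 0) {
                [System.BitConverter]::ToString($_.Data)
            }
        }
    },
    "EnableRaisingEvents", "Entries", "EntryType", "EventID",
    "Index", "InstanceId", "Length", "Log", "LogDisplayName",
    "MachineName", "MaximumKilobytes", "Message", "MinimumRetentionDays",
    "OverflowAction",
    # ReplacementStrings is a string array; join it for the same reason as Data.
    @{ Name = "ReplacementStrings"; Expression = { $_.ReplacementStrings -join ' | ' } },
    "Site", "Source",
    "SynchronizingObject", "TimeGenerated", "TimeWritten", "UserName"
)

# Collect the loop's output in one go instead of growing an array with +=,
# which copies the whole array on every append.
$entry_list = @(
    foreach ($type in $log_types) {
        try {
            Get-EventLog -ComputerName $domain_controller -LogName $type `
                -Before (Get-Date) -After $after_date -Newest $limit -ErrorAction Stop |
                Select-Object -Property $properties
        }
        catch {
            # Reading the Security log needs elevated rights on the target.
            # Report the failure so a CSV that is missing a log is not
            # mistaken for a complete export.
            Write-Warning "Could not read the '$type' log from ${domain_controller}: $($_.Exception.Message)"
        }
    }
)

if ($entry_list.Count -eq 0) {
    Write-Warning "No log entries were collected; '$csv_output_path' will contain no events."
}

# The export can include account names, host names and other details from
# the Security log. Treat the CSV as sensitive: keep it out of shared or
# synced folders and delete it when it is no longer needed.
$entry_list | Export-Csv -Path $csv_output_path -NoTypeInformation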