This PowerShell Module, which started as an event library (Get-EventsLibrary.ps1), has now grown up and became full fledged PowerShell Module. This module has multiple functionalities but one of the signature features of this module is ability to parse Security (mostly) logs on Domain Controllers.
Following features are done:
- Group create, delete, modify (Who / When / What)
- Group membership changes (Who / When / What)
- User changes (Who / When / What)
- User create, delete (Who / When)
- User password changes (Who / When)
- User lockouts (Who / When / Where)
Run script/config:
And get a nice report
- Support for forwarded events
- Support for encrypting email password
- Active Directory Diagnostics Reporting
- File Server Events monitoring
Documentation for PSWinReporting (overview - latest post):
Documentation for PSWinReporting (module description, installation, how to):
https://evotec.xyz/hub/scripts/pswinreporting-powershell-module/
Module is published on Powershell Gallery: