Check Directory Service log using a CMD Script

The following script checks the Directory Service log on domain controllers specified in a Servers.txt file or any other TXT file. The report format is in CSV and four authentication is supported by this script. You can run the script in different domains also.


1. Create a folder in C:\ drive DSLOG.


2. Download Psloglist.exe and Psexec.exe from Microsoft site and copy it to C:\DSLOG


3. Create a TXT file for servers.


@echo off


cls


setlocal enabledelayedexpansion


@echo *=======================================
@Echo * Script to Report Directory Service Log
@Echo * Author       : Nirmal Sharma
@Echo * Report Format: CSV or XLS
@Echo * Report Files : DSLOG.CSV (Full Report)
@Echo *              : Auth-DS.csv (Summary)
@Echo * Authentiction: Four Supported
@Echo * Different Dom: Yes
@Echo * Login Mode   : Built-in
@echo  =========================================================


@echo 1. Enter Server List…(e.i. C:\DSLOG\Servers.txt)
@echo ==========================================================
set /P srvlist=” “
@echo 2. Enter the number of previous days to search…(1 to 99)
@echo ==========================================================
set /P LogDays=
@echo 3. Only (1)-Warning, (2)-Error, (3)-Both…
@echo ==========================================================
set /P OnlyWE=


IF exist %srvlist% (
  Echo Server list found: %srvlist%
  Echo Processing all the servers from %srvlist%
  CLS


) ELSE (
  CLS
  Echo Server list NOT found: %srvlist%
  Echo Exiting…
  goto:EOF


)
  SET DC_NOT=
  SET Tot_War=
  SET Tot_Err=
  SET Int_Logon=
  SET ComERRAU=
  SET Auto_login=
  SET ComERRAuto=
  SET AU_Login=
  SET ServerStat=
  SET TKL_NEW=
  SET TKL_OLD=
  SET Rem_Req=
  SET PSEXEC_SPU=
  SET DST_Stat=
  SET AOS_Ver=
  SET AOS_Folder=
  SET AOS_Un=
  SET Final_login=
  SET ComERR=
  SET NewComERR=


set /a totsrv=0
set /a totcnt=0


FOR /F %%a in (%srvlist%) DO SET /a totsrv=!totsrv!+1


  SET Auto_login=
  SET DC_NOT=
  SET Tot_War=
  SET Tot_Err=
  SET ComERRAuto=
  SET ComERRAU=
  SET AU_Login=
  SET ServerStat=
  SET TKL_NEW=
  SET TKL_OLD=
  SET Rem_Req=
  SET AOS_Ver=
  SET AOS_Folder=
  SET AOS_Un=
  SET Final_login=
  SET ComERR=
  SET NewComERR=
  SET PS_Rem=


Title Directory Service log is in progress…


IF exist C:\DSLOG\Report.csv Del C:\DSLOG\Report.csv
IF exist C:\DSLOG\HostsAlive.txt Del C:\DSLOG\HostsAlive.txt
IF exist C:\DSLOG\HostsDown.txt Del C:\DSLOG\HostsDown.txt
IF exist C:\DSLOG\Alreadydone.txt Del C:\DSLOG\AlreadyDone.txt
IF exist C:\DSLOG\ToBeDone.txt Del C:\DSLOG\ToBeDone.txt
IF exist C:\DSLOG\RemovedDST.txt Del C:\DSLOG\RemovedDST.txt
IF exist C:\DSLOG\RemoveFailed.txt Del C:\DSLOG\RemoveFailed.txt
IF exist C:\DSLOG\PSFailed.txt Del C:\DSLOG\PSFailed.txt
IF exist C:\DSLOG\PSSuccess.txt Del C:\DSLOG\PSSuccess.txt
IF exist C:\DSLOG\Auth-DS.csv Del C:\DSLOG\Auth-DS.csv
IF exist C:\DSLOG\DSLOG.csv Del C:\DSLOG\DSLOG.csv


Echo Server Name, Up/Down, Login-1, Login-2, Login-3, Login-4, Final Login?,DC?, OS Version, Total Warning MSG, Total Error MSG >> Auth-DS.csv


Echo Log No, Log Name, Source, Type, Server, Date-Time, Event ID, Other >> DSLOG.CSV


FOR /F “TOKENS=*” %%a IN (%srvlist%) DO CALL:DONOW “%%a”


:DONOW


SET srvname=%~1


IF [%OldSrv%] == [] SET OldSrv=%srvname%


SET /a totcnt=%totcnt%+1


CLS


Echo 1.Processing Server: %srvname% Total Server:[%totcnt% Of %totsrv%] Last Server: %OldSrv%
Echo 2.Checking Connectivity……………


IF exist C:\DSLOG\pingresult.txt Del C:\DSLOG\pingresult.txt


Ping -n 1 %srvname% > PingResult.txt 2>&1


FIND /i “Reply From” < PingResult.txt > DoNotShow.txt 2>&1


IF %errorlevel% == 0 (
  SET ServerStat=UP


  Echo 3.Reply received from Host %srvname%
  Echo %srvname% >> HostsAlive.txt
  REM This is to check wether currently logged in user have access or not.


  IF exist C:\DSLOG\Access.txt Del C:\DSLOG\Access.txt
  IF exist C:\DSLOG\NoAccess.txt Del C:\DSLOG\NoAccess.txt


  Echo 4.Checking Access for Currently Logged on user on Server: %srvname%


  DIR \\%srvname%\C$ > Access.txt 2>&1
  FIND /i “File(s)” < Access.txt > DoNotShow.txt


  IF !errorlevel! NEQ 0 (


     FOR /F “Tokens=*” %%T In (‘Type Access.txt’) DO SET NewComERR=”%%T”


     IF exist C:\DSLOG\TKLold.txt Del C:\DSLOG\TKLold.txt


     Echo 5.Login 1 failed…checking Login 2


     NET USE T: /delete > DoNotShow.txt 2>&1
     NET USE T: \\%srvname%\c$ /user:TKLUser Password > TKLOld.txt 2>&1
     FIND /i “The command completed successfully.” < TKLold.txt > DoNotShow.txt 2>&1


     IF !errorlevel! NEQ 0 (
        Echo 6.Login 2 also failed…
        SET TKL_Old=Failed
        SET TKL_New=Failed
        SET Final_Login=Failed
        FOR /F “Tokens=*” %%T In (‘Type TKLold.txt’) DO SET ComERR=”%%T”
        IF exist C:\DSLOG\TRLogin.txt Del C:\DSLOG\TRLogin.txt


        Echo 5.Checking Login 3…


        NET USE T: /delete > DoNotShow.txt 2>&1
        NET USE T: \\%srvname%\c$ /user:Test\TKLUser Password > TRLogin.txt 2>&1
        FIND /i “The command completed successfully.” < TRLogin.txt > DoNotShow.txt 2>&1


        IF !errorlevel! NEQ 0 (


           Echo 7.Login 3 also failed…


           SET TKL_Old=Failed
           SET TKL_New=Failed
           SET AU_Login=Failed    
           SET Final_Login=Failed
           FOR /F “Tokens=*” %%T In (‘Type TRLogin.txt’) DO SET ComERRAU=”%%T”


           IF exist C:\DSLOG\Autologin.txt Del C:\DSLOG\AutoLogin.txt


           Echo 5.Checking Login 4…


           NET USE T: /delete > DoNotShow.txt 2>&1
           NET USE T: \\%srvname%\c$ /user:TestAutoING\user Password > AutoLogin.txt 2>&1
           FIND /i “The command completed successfully.” < AutoLogin.txt > DoNotShow.txt 2>&1
           IF !errorlevel! NEQ 0 (
              Echo 7.Login 4 also failed…


              SET TKL_Old=Failed
              SET TKL_New=Failed
              SET AU_Login=Failed    
              SET Auto_login=Failed
              SET Final_Login=Failed
              FOR /F “Tokens=*” %%T In (‘Type AutoLogin.txt’) DO SET ComERRAuto=”%%T”


           ) ELSE (


              SET ComERRAuto=
              Echo 7.Login 4 passed !…
              SET TKL_Old=Failed
              SET TKL_New=Failed
              SET AU_Login=Failed
              SET Auto_Login=Passed
              SET Final_Login=Passed
           )


        ) ELSE (


           SET ComERRAU=
           Echo 7.Login 3 Passed…
           SET TKL_Old=Failed
           SET TKL_New=Failed
           SET AU_Login=Passed
           SET Final_Login=Passed
        )


     ) ELSE (
        SET ComERR=
        Echo 6.Login 2 Passed…
        SET TKL_New=Failed
        SET TKL_old=Passed
        SET Final_Login=Passed
     )


  ) ELSE (
     SET NewComERR=


     Echo 5.Currently Logged on user have access…
     Echo 6.Login 1 Passed…


     SET TKL_New=Passed
     SET Final_Login=Passed
     SET TKL_Old=Not Checked
  )     
  IF !Final_Login! == Failed (
     SET DLS_B=
     SET BIAS_B=
     SET DLS_A=
     SET BIAS_A=
     SET TimeZone_N=
     SET PSEXEC_TZ=
     SET Rem_Req=
     SET AOS_Ver=
     SET AOS_Folder=
     SET AOS_Un=
     SET PSEXEC_SPU=
     SET Uninst_Fold=
     SET Os_Auto_E=


     Echo 5.Login Failed…user DON’T have access.
     Echo %srvname% >> NoAccess.txt


  ) ELSE (


     Echo 5.Currently Logged in user have access on C:\ drive.


     Echo 6.Check OS Version and Windows System Folder name…


     IF exist C:\DSLOG\Windir.txt Del C:\DSLOG\Windir.txt
     IF exist C:\DSLOG\UnFold.txt Del C:\DSLOG\UnFold.txt


     Psexec.exe \\%srvname% cmd.exe /c SET > Windir.txt 2>&1
     FIND /i “windir=C:\WINDOWS” < Windir.txt > DoNotShow.txt 2>&1
     IF !errorlevel! == 0 (
    SET AOS_Ver=”Windows 2003″


        Echo 6.OS Version: !AOS_Ver! 


     ) ELSE (
        SET AOS_Ver=”Windows 2000″
        Echo 6.OS Version: !AOS_Ver! 


     )


     Echo SERVER NAME: %srvname% >> DSLOG.CSV
     ECHO ========================== >> DSLOG.csv


     IF exist C:\DSLOG\DSLOG.txt Del C:\DSLOG\DSLOG.txt


     Echo 6.Checking Directory Service Log on Server…
     IF %OnlyWE% == 1 (
    psloglist \\%srvname% “Directory Service” -f w -s -d %LogDays% -x >> DSLOG.cSV
    psloglist \\%srvname% “Directory Service” -f w -s -d %LogDays% -x >> DSLOG.txt
     )
     IF %OnlyWE% == 2 (
    psloglist \\%srvname% “Directory Service” -f e -s -d %LogDays% -x >> DSLOG.cSV
    psloglist \\%srvname% “Directory Service” -f e -s -d %LogDays% -x >> DSLOG.txt
     )
     IF %OnlyWE% == 3 (
    psloglist \\%srvname% “Directory Service” -f we -s -d %LogDays% -x >> DSLOG.CSV
    psloglist \\%srvname% “Directory Service” -f we -s -d %LogDays% -x >> DSLOG.txt
     )


     Find /i “Could not locate the specified event log” < DSLOG.txt >> DoNotShow.txt


     if !errorlevel! == 0 (
    SET DC_NOT=NO
     ) ELSe (
    SET DC_NOT=YES
     )


     IF exist C:\DSLOG\TotWar.txt Del C:\DSLOG\Totwar.txt


     Find /c “WARNING” < DSLOG.txt >> TotWar.txt
     FOR /F “Tokens=*” %%a in (Totwar.txt) DO SET Tot_War=%%a


     IF exist C:\DSLOG\TotErr.txt Del C:\DSLOG\TotErr.txt
     Find /c “ERROR” < DSLOG.txt >> TotErr.txt
     FOR /F “Tokens=*” %%a in (TotErr.txt) DO SET Tot_Err=%%a


   )
) ELSE (


  SET ServerStat=Down


  Find /i “Request Timed” < PingResult.txt > DoNotShow.txt


  IF !errorlevel! == 0 (
     SET ServerStat=Request Timed Out
  ) ELSE (
     SET ServerStat=Uknown Host
  )


  SET TKL_NEW=
  SET TKL_OLD=
  SET DC_NOT=
  SET AOS_Ver=
  SET AOS_Folder=
  SET AOS_Un=
  SET Rem_Req=
  SET ComERR=
  SET NewComERR=
  SET PS_Rem=
  SET AU_Login=
  SET ComERRAU=
  SET Int_Logon=
  SET Tot_War=
  SET Tot_Err=
  SET Auto_login=
  SET ComERRAuto=


  Echo %srvname% >> HostsDown.txt
  Echo 3.Reply NOT received from Host %srvname%


)


SET OldSrv=%srvname%


IF [!srvname!] == [] (


  Echo Empty


) ELSE (


ECHO %srvname%, %ServerStat%, %TKL_NEW%, %TKL_OLD%, %AU_Login%, %Auto_Login%, %Final_Login%, %DC_NOT%, %AOS_Ver%, %Tot_War%, %Tot_Err% >> Auth-DS.csv


  SET ServerStat=Down
  SET DC_NOT=
  SET Final_login=
  SET TKL_NEW=
  SET Int_Logon=
  SET TKL_OLD=
  SET Rem_Req=
  SET AOS_Ver=
  SET AOS_Folder=
  SET AOS_Un=
  SET Rem_Req=Yes
  SET ComERR=
  SET NewComERR=
  SET PS_Rem=
  SET Tot_War=
  SET Tot_Err=
  SET AU_Login=
  SET ComERRAU=
  SET Auto_login=
  SET ComERRAuto=


)


:eof