The following script checks the Directory Service log on the domain controllers listed in a Servers.txt file or any other TXT file. The report is written in CSV format, and the script supports four authentication methods (logins). You can also run the script against servers in different domains.
1. Create a folder named DSLOG on the C:\ drive (C:\DSLOG).
2. Download Psloglist.exe and Psexec.exe from the Microsoft site and copy them to C:\DSLOG.
3. Create a TXT file for servers.
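@echo off
REM =====================================================================
REM Directory Service log report - main section.
REM
REM Prompts for a server list file, a look-back window in days and an
REM event type filter, removes the report and scratch files of an earlier
REM run from C:\DSLOG, writes the two CSV header rows and then calls
REM :DONOW once for every line of the server list.
REM
REM Outputs: DSLOG.CSV (full report) and Auth-DS.csv (summary).
REM
REM Review notes:
REM  - The listing as published used typographic quotes, which cmd.exe
REM    does not treat as quotes; they are plain double quotes here.
REM  - The run is pinned to C:\DSLOG. The cleanup below deletes files by
REM    absolute C:\DSLOG path while every report is written with a
REM    relative name, and Psexec.exe and psloglist are started by bare
REM    name, so the current directory decides both where output lands
REM    and which binaries are picked up. A relative server list path is
REM    resolved against C:\DSLOG as a consequence.
REM  - The three answers are validated before they reach a command line.
REM  - Every line of the server list ends up on command lines, so the
REM    list file should be writable only by the operator.
REM =====================================================================
cls
setlocal enabledelayedexpansion
cd /d C:\DSLOG
IF errorlevel 1 (
    Echo Working folder C:\DSLOG not found.
    Echo Exiting…
    goto :EOF
)
@echo *=======================================
@Echo * Script to Report Directory Service Log
@Echo * Author : Nirmal Sharma
@Echo * Report Format: CSV or XLS
@Echo * Report Files : DSLOG.CSV (Full Report)
@Echo * : Auth-DS.csv (Summary)
@Echo * Authentiction: Four Supported
@Echo * Different Dom: Yes
@Echo * Login Mode : Built-in
@echo =========================================================
@echo 1. Enter Server List…(e.i. C:\DSLOG\Servers.txt)
@echo ==========================================================
REM SET /P keeps the old value when the operator just presses Enter,
REM so each answer is cleared first.
SET "srvlist="
set /P srvlist=" "
@echo 2. Enter the number of previous days to search…(1 to 99)
@echo ==========================================================
SET "LogDays="
set /P LogDays=
@echo 3. Only (1)-Warning, (2)-Error, (3)-Both…
@echo ==========================================================
SET "OnlyWE="
set /P OnlyWE=

REM Drop quotes typed around the path; the script adds its own so that
REM paths with spaces work.
IF defined srvlist SET "srvlist=!srvlist:"=!"
IF not exist "%srvlist%" (
    CLS
    Echo Server list NOT found: !srvlist!
    Echo Exiting…
    goto :EOF
)
Echo Server list found: !srvlist!
Echo Processing all the servers from !srvlist!
CLS

REM LogDays is passed to psloglist and OnlyWE is compared in IF
REM statements later on; an empty or free-form answer would break those
REM lines, so only the documented values are accepted.
SET "Days_OK="
FOR /L %%N IN (1,1,99) DO IF "!LogDays!" == "%%N" SET "Days_OK=1"
IF not defined Days_OK (
    Echo Number of days must be a whole number from 1 to 99.
    Echo Exiting…
    goto :EOF
)
SET "Type_OK="
FOR %%N IN (1 2 3) DO IF "!OnlyWE!" == "%%N" SET "Type_OK=1"
IF not defined Type_OK (
    Echo Event type must be 1, 2 or 3.
    Echo Exiting…
    goto :EOF
)

REM Start from a clean set of per-server status variables.
FOR %%V IN (DC_NOT Tot_War Tot_Err Int_Logon ComERRAU Auto_login ComERRAuto AU_Login ServerStat TKL_NEW TKL_OLD Rem_Req PSEXEC_SPU DST_Stat AOS_Ver AOS_Folder AOS_Un Final_login ComERR NewComERR PS_Rem) DO SET "%%V="

REM Count the entries first so the progress line can show "n Of total".
set /a totsrv=0
set /a totcnt=0
FOR /F "usebackq" %%a in ("%srvlist%") DO SET /a totsrv+=1

Title Directory Service log is in progress…

REM Remove the reports and scratch files left by a previous run.
FOR %%F IN (Report.csv HostsAlive.txt HostsDown.txt AlreadyDone.txt ToBeDone.txt RemovedDST.txt RemoveFailed.txt PSFailed.txt PSSuccess.txt Auth-DS.csv DSLOG.csv) DO IF exist "C:\DSLOG\%%F" Del "C:\DSLOG\%%F"

REM CSV header rows for the summary and the full report.
Echo Server Name, Up/Down, Login-1, Login-2, Login-3, Login-4, Final Login?,DC?, OS Version, Total Warning MSG, Total Error MSG >> Auth-DS.csv
Echo Log No, Log Name, Source, Type, Server, Date-Time, Event ID, Other >> DSLOG.CSV

FOR /F "usebackq TOKENS=*" %%a IN ("%srvlist%") DO CALL :DONOW "%%a"
REM Stop here. Without this the script runs on into :DONOW one more
REM time with an empty server name once the loop has finished.
goto :EOF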
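:DONOW
REM =====================================================================
REM :DONOW "server"  -  check one server and add its rows to the reports.
REM
REM Steps: ping the host; if it answers, try up to four logins against
REM its C$ share (the current user first, then three NET USE attempts
REM with alternate accounts); after a successful login read the remote
REM environment with PsExec to tell Windows 2003 from Windows 2000, dump
REM the "Directory Service" event log with psloglist and count the lines
REM holding WARNING and ERROR. One summary row per server is appended to
REM Auth-DS.csv and the raw log to DSLOG.CSV.
REM
REM Reads:  totcnt, totsrv, OldSrv, OnlyWE, LogDays
REM Writes: Auth-DS.csv, DSLOG.CSV, HostsAlive.txt, HostsDown.txt,
REM         NoAccess.txt and several scratch files
REM
REM Review notes:
REM  - The listing as published used typographic quotes, which cmd.exe
REM    does not treat as quotes; they are plain double quotes here.
REM  - The server name is expanded into command lines, so a list entry
REM    holding shell metacharacters would be parsed as part of those
REM    commands. Names are checked against a hostname character set
REM    before first use. This narrows the exposure; the list file
REM    should still be writable only by the operator.
REM  - "Password" on the NET USE lines is the author's placeholder. A
REM    real password put there sits in clear text in this file and on
REM    the NET USE command line. Restrict the ACL on the script and use
REM    accounts that hold only the rights this report needs.
REM  - Drive letter T: is taken over by the login checks. A session
REM    opened with alternate credentials is now dropped again once the
REM    server has been processed; the original left it connected.
REM  - PsExec starts a temporary service on the target, so expect
REM    service install events on the domain controllers. Windir.txt
REM    keeps the full remote environment, and the other scratch files
REM    keep command output; treat the working folder as sensitive.
REM  - All FIND matches assume English command output - TODO confirm
REM    on localized systems.
REM  - ComERR, NewComERR, ComERRAU and ComERRAuto keep the last line of
REM    each failed attempt but are not written to a report in this
REM    listing.
REM =====================================================================
SET "srvname=%~1"
IF not defined srvname (
    Echo Empty
    goto :EOF
)
SET /a totcnt+=1

REM Hostname check: the allowed characters are used as delimiters, so
REM the loop body only runs when some other character is left over.
REM eol is set to a delimiter to switch off the default ";" handling.
SET "Bad_Name="
FOR /F "eol=. delims=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_." %%C IN ("!srvname!") DO SET "Bad_Name=1"
IF defined Bad_Name (
    Echo Entry %totcnt% skipped: only letters, digits, dot, hyphen and underscore are accepted in a server name.
    Echo Entry %totcnt%, Invalid name >> Auth-DS.csv
    goto :EOF
)

IF not defined OldSrv SET "OldSrv=%srvname%"
SET "Alt_Session="

REM Translate the menu answer into the psloglist type filter once,
REM outside the parenthesised block below.
SET "DS_Filter="
IF "%OnlyWE%" == "1" SET "DS_Filter=w"
IF "%OnlyWE%" == "2" SET "DS_Filter=e"
IF "%OnlyWE%" == "3" SET "DS_Filter=we"

CLS
Echo 1.Processing Server: %srvname% Total Server:[%totcnt% Of %totsrv%] Last Server: %OldSrv%
Echo 2.Checking Connectivity……………
IF exist C:\DSLOG\pingresult.txt Del C:\DSLOG\pingresult.txt
Ping -n 1 %srvname% > PingResult.txt 2>&1
REM "Reply From" also matches "Destination host unreachable" answers
REM sent by a router, so UP is only a first hint. A host that blocks
REM ICMP is reported as down although it may be reachable.
FIND /i "Reply From" < PingResult.txt > DoNotShow.txt 2>&1
IF %errorlevel% == 0 (
    SET ServerStat=UP
    Echo 3.Reply received from Host %srvname%
    Echo %srvname% >> HostsAlive.txt
    REM Login 1 - can the currently logged on user list the C$ share
    IF exist C:\DSLOG\Access.txt Del C:\DSLOG\Access.txt
    IF exist C:\DSLOG\NoAccess.txt Del C:\DSLOG\NoAccess.txt
    Echo 4.Checking Access for Currently Logged on user on Server: %srvname%
    DIR \\%srvname%\C$ > Access.txt 2>&1
    FIND /i "File(s)" < Access.txt > DoNotShow.txt
    IF !errorlevel! NEQ 0 (
        FOR /F "Tokens=*" %%T In ('Type Access.txt') DO SET NewComERR="%%T"
        IF exist C:\DSLOG\TKLold.txt Del C:\DSLOG\TKLold.txt
        Echo 5.Login 1 failed…checking Login 2
        REM From here on T: may hold a session with alternate credentials
        SET "Alt_Session=1"
        NET USE T: /delete /y > DoNotShow.txt 2>&1
        REM Login 2 - Password is a placeholder for a clear text secret
        NET USE T: \\%srvname%\c$ /user:TKLUser Password > TKLOld.txt 2>&1
        FIND /i "The command completed successfully." < TKLold.txt > DoNotShow.txt 2>&1
        IF !errorlevel! NEQ 0 (
            Echo 6.Login 2 also failed…
            SET TKL_Old=Failed
            SET TKL_New=Failed
            SET Final_Login=Failed
            FOR /F "Tokens=*" %%T In ('Type TKLold.txt') DO SET ComERR="%%T"
            IF exist C:\DSLOG\TRLogin.txt Del C:\DSLOG\TRLogin.txt
            Echo 5.Checking Login 3…
            NET USE T: /delete /y > DoNotShow.txt 2>&1
            REM Login 3 - Password is a placeholder for a clear text secret
            NET USE T: \\%srvname%\c$ /user:Test\TKLUser Password > TRLogin.txt 2>&1
            FIND /i "The command completed successfully." < TRLogin.txt > DoNotShow.txt 2>&1
            IF !errorlevel! NEQ 0 (
                Echo 7.Login 3 also failed…
                SET TKL_Old=Failed
                SET TKL_New=Failed
                SET AU_Login=Failed
                SET Final_Login=Failed
                FOR /F "Tokens=*" %%T In ('Type TRLogin.txt') DO SET ComERRAU="%%T"
                IF exist C:\DSLOG\Autologin.txt Del C:\DSLOG\AutoLogin.txt
                Echo 5.Checking Login 4…
                NET USE T: /delete /y > DoNotShow.txt 2>&1
                REM Login 4 - Password is a placeholder for a clear text secret
                NET USE T: \\%srvname%\c$ /user:TestAutoING\user Password > AutoLogin.txt 2>&1
                FIND /i "The command completed successfully." < AutoLogin.txt > DoNotShow.txt 2>&1
                IF !errorlevel! NEQ 0 (
                    Echo 7.Login 4 also failed…
                    SET TKL_Old=Failed
                    SET TKL_New=Failed
                    SET AU_Login=Failed
                    SET Auto_login=Failed
                    SET Final_Login=Failed
                    FOR /F "Tokens=*" %%T In ('Type AutoLogin.txt') DO SET ComERRAuto="%%T"
                ) ELSE (
                    SET ComERRAuto=
                    Echo 7.Login 4 passed !…
                    SET TKL_Old=Failed
                    SET TKL_New=Failed
                    SET AU_Login=Failed
                    SET Auto_Login=Passed
                    SET Final_Login=Passed
                )
            ) ELSE (
                SET ComERRAU=
                Echo 7.Login 3 Passed…
                SET TKL_Old=Failed
                SET TKL_New=Failed
                SET AU_Login=Passed
                SET Final_Login=Passed
            )
        ) ELSE (
            SET ComERR=
            Echo 6.Login 2 Passed…
            SET TKL_New=Failed
            SET TKL_old=Passed
            SET Final_Login=Passed
        )
    ) ELSE (
        SET NewComERR=
        Echo 5.Currently Logged on user have access…
        Echo 6.Login 1 Passed…
        SET TKL_New=Passed
        SET Final_Login=Passed
        SET TKL_Old=Not Checked
    )
    IF "!Final_Login!" == "Failed" (
        FOR %%V IN (DLS_B BIAS_B DLS_A BIAS_A TimeZone_N PSEXEC_TZ Rem_Req AOS_Ver AOS_Folder AOS_Un PSEXEC_SPU Uninst_Fold Os_Auto_E) DO SET "%%V="
        Echo 5.Login Failed…user DON’T have access.
        Echo %srvname% >> NoAccess.txt
    ) ELSE (
        Echo 5.Currently Logged in user have access on C:\ drive.
        Echo 6.Check OS Version and Windows System Folder name…
        IF exist C:\DSLOG\Windir.txt Del C:\DSLOG\Windir.txt
        IF exist C:\DSLOG\UnFold.txt Del C:\DSLOG\UnFold.txt
        REM Windir.txt receives the complete remote environment
        Psexec.exe \\%srvname% cmd.exe /c SET > Windir.txt 2>&1
        REM Anything other than a C:\WINDOWS system folder is reported as
        REM Windows 2000, and that includes a failed PsExec call
        FIND /i "windir=C:\WINDOWS" < Windir.txt > DoNotShow.txt 2>&1
        IF !errorlevel! == 0 (
            SET AOS_Ver="Windows 2003"
            Echo 6.OS Version: !AOS_Ver!
        ) ELSE (
            SET AOS_Ver="Windows 2000"
            Echo 6.OS Version: !AOS_Ver!
        )
        Echo SERVER NAME: %srvname% >> DSLOG.CSV
        ECHO ========================== >> DSLOG.csv
        IF exist C:\DSLOG\DSLOG.txt Del C:\DSLOG\DSLOG.txt
        Echo 6.Checking Directory Service Log on Server…
        REM The log is fetched once and then copied into the full report.
        REM The original queried the server twice for the same data.
        IF defined DS_Filter (
            psloglist \\%srvname% "Directory Service" -f %DS_Filter% -s -d %LogDays% -x > DSLOG.txt
            IF exist DSLOG.txt Type DSLOG.txt >> DSLOG.CSV
        )
        REM DC is NO only when psloglist reports that the log is missing.
        REM Any other failure still shows up as YES
        Find /i "Could not locate the specified event log" < DSLOG.txt >> DoNotShow.txt
        IF !errorlevel! == 0 (
            SET DC_NOT=NO
        ) ELSE (
            SET DC_NOT=YES
        )
        REM The totals count every line that holds the word, message text included
        IF exist C:\DSLOG\TotWar.txt Del C:\DSLOG\Totwar.txt
        Find /c "WARNING" < DSLOG.txt >> TotWar.txt
        FOR /F "Tokens=*" %%a in (Totwar.txt) DO SET Tot_War=%%a
        IF exist C:\DSLOG\TotErr.txt Del C:\DSLOG\TotErr.txt
        Find /c "ERROR" < DSLOG.txt >> TotErr.txt
        FOR /F "Tokens=*" %%a in (TotErr.txt) DO SET Tot_Err=%%a
    )
) ELSE (
    SET ServerStat=Down
    Find /i "Request Timed" < PingResult.txt > DoNotShow.txt
    IF !errorlevel! == 0 (
        SET ServerStat=Request Timed Out
    ) ELSE (
        SET ServerStat=Uknown Host
    )
    FOR %%V IN (TKL_NEW TKL_OLD DC_NOT AOS_Ver AOS_Folder AOS_Un Rem_Req ComERR NewComERR PS_Rem AU_Login ComERRAU Int_Logon Tot_War Tot_Err Auto_login ComERRAuto) DO SET "%%V="
    Echo %srvname% >> HostsDown.txt
    Echo 3.Reply NOT received from Host %srvname%
)

REM Drop the T: session opened with alternate credentials so it does
REM not stay connected after this server has been handled.
IF defined Alt_Session NET USE T: /delete /y > DoNotShow.txt 2>&1

SET "OldSrv=%srvname%"
REM Summary row. Login-1 to Login-4 in the header map to TKL_NEW,
REM TKL_OLD, AU_Login and Auto_Login.
ECHO %srvname%, %ServerStat%, %TKL_NEW%, %TKL_OLD%, %AU_Login%, %Auto_Login%, %Final_Login%, %DC_NOT%, %AOS_Ver%, %Tot_War%, %Tot_Err% >> Auth-DS.csv

REM Reset the per-server state so nothing leaks into the next row.
SET ServerStat=Down
FOR %%V IN (DC_NOT Final_login TKL_NEW Int_Logon TKL_OLD AOS_Ver AOS_Folder AOS_Un ComERR NewComERR PS_Rem Tot_War Tot_Err AU_Login ComERRAU Auto_login ComERRAuto) DO SET "%%V="
SET Rem_Req=Yes
:eof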