Check Directory Service log using a CMD Script

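The following script checks the Directory Service event log on the domain controllers listed in Servers.txt (or any other text file). The report is written in CSV format, and the script tries up to four logins against each server: the currently logged-on user first, then three fallback accounts. It can also be run against servers in other domains. Note that the fallback account names and passwords are stored in the script itself in clear text, so keep the file where only administrators can read it.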

1. Create a folder named DSLOG on the C:\ drive (C:\DSLOG).

2. Download Psloglist.exe and Psexec.exe from the Microsoft site and copy them to C:\DSLOG.

3. Create a TXT file listing the servers to check, one per line.

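@echo off
REM ---------------------------------------------------------------------
REM Directory Service log report: start-up, banner and operator prompts.
REM Asks for the server list file, the look-back window in days and the
REM event types to collect. LogDays and OnlyWE are later placed on the
REM psloglist command line, so both are validated here and the run stops
REM on anything outside the values the prompts advertise.
REM ---------------------------------------------------------------------

cls

REM Delayed expansion is needed by the per-server code, which reads
REM errorlevel and status variables inside parenthesised blocks.
setlocal enabledelayedexpansion

echo *=======================================
echo * Script to Report Directory Service Log
echo * Author       : Nirmal Sharma
echo * Report Format: CSV or XLS
echo * Report Files : DSLOG.CSV (Full Report)
echo *              : Auth-DS.csv (Summary)
echo * Authentiction: Four Supported
echo * Different Dom: Yes
echo * Login Mode   : Built-in
echo  =========================================================

echo 1. Enter Server List…(e.i. C:\DSLOG\Servers.txt)
echo ==========================================================
REM Clear first so an inherited environment value is not reused when the
REM operator just presses Enter.
set "srvlist="
set /P "srvlist= "

echo 2. Enter the number of previous days to search…(1 to 99)
echo ==========================================================
set "LogDays="
set /P LogDays=

REM Accept only the literal values 1 to 99. Comparing against a fixed list
REM avoids evaluating the typed text in any way.
set "LogDays_ok="
for /L %%N in (1,1,99) do if "!LogDays!" == "%%N" set "LogDays_ok=1"
if not defined LogDays_ok (
  echo Invalid number of days: enter a whole number from 1 to 99.
  goto :EOF
)

echo 3. Only (1)-Warning, (2)-Error, (3)-Both…
echo ==========================================================
set "OnlyWE="
set /P OnlyWE=

REM Accept only the three menu choices.
set "OnlyWE_ok="
for %%N in (1 2 3) do if "!OnlyWE!" == "%%N" set "OnlyWE_ok=1"
if not defined OnlyWE_ok (
  echo Invalid choice: enter 1, 2 or 3.
  goto :EOF
)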

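REM Confirm the server list exists before any work is done.
REM The typed path is stripped of quotes and then re-quoted on use, so a
REM folder name with spaces is accepted and an empty answer no longer
REM produces a syntax error in the IF EXIST test.
if defined srvlist set "srvlist=!srvlist:"=!"

set "srvlist_ok="
if defined srvlist if exist "!srvlist!" set "srvlist_ok=1"

if defined srvlist_ok (
  echo Server list found: !srvlist!
  echo Processing all the servers from !srvlist!
  cls
) else (
  cls
  echo Server list NOT found: !srvlist!
  echo Exiting…
  goto :EOF
)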
  SET DC_NOT=
  SET Tot_War=
  SET Tot_Err=
  SET Int_Logon=
  SET ComERRAU=
  SET Auto_login=
  SET ComERRAuto=
  SET AU_Login=
  SET ServerStat=
  SET TKL_NEW=
  SET TKL_OLD=
  SET Rem_Req=
  SET PSEXEC_SPU=
  SET DST_Stat=
  SET AOS_Ver=
  SET AOS_Folder=
  SET AOS_Un=
  SET Final_login=
  SET ComERR=
  SET NewComERR=

set /a totsrv=0
set /a totcnt=0

FOR /F %%a in (%srvlist%) DO SET /a totsrv=!totsrv!+1

  SET Auto_login=
  SET DC_NOT=
  SET Tot_War=
  SET Tot_Err=
  SET ComERRAuto=
  SET ComERRAU=
  SET AU_Login=
  SET ServerStat=
  SET TKL_NEW=
  SET TKL_OLD=
  SET Rem_Req=
  SET AOS_Ver=
  SET AOS_Folder=
  SET AOS_Un=
  SET Final_login=
  SET ComERR=
  SET NewComERR=
  SET PS_Rem=

REM Show progress in the console window title for the rest of the run.
Title Directory Service log is in progress…

REM Remove the output and scratch files left by a previous run.
REM NOTE(review): these deletions use absolute C:\DSLOG paths, while the
REM header lines below and all later output are written relative to the
REM current directory. The two only agree when the script is started from
REM C:\DSLOG.
for %%F in (Report.csv HostsAlive.txt HostsDown.txt AlreadyDone.txt ToBeDone.txt RemovedDST.txt RemoveFailed.txt PSFailed.txt PSSuccess.txt Auth-DS.csv DSLOG.csv) do (
  if exist "C:\DSLOG\%%F" del "C:\DSLOG\%%F"
)

REM Column headers for the per-server summary report.
Echo Server Name, Up/Down, Login-1, Login-2, Login-3, Login-4, Final Login?,DC?, OS Version, Total Warning MSG, Total Error MSG >> Auth-DS.csv

REM Column headers for the full event report.
Echo Log No, Log Name, Source, Type, Server, Date-Time, Event ID, Other >> DSLOG.CSV

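REM Main loop: hand every non-blank line of the server list to :DONOW.
REM The option string and the file name use plain ASCII quotes; usebackq
REM lets the file name be quoted so paths with spaces work.
for /F "usebackq tokens=*" %%a in ("%srvlist%") do call :DONOW "%%a"

REM Drop the T: mapping that :DONOW may have created with a fallback
REM account, so no alternate-credential session to a C$ share outlives
REM the run.
net use T: /delete > NUL 2>&1

REM Stop here. Without this the script falls through into :DONOW one more
REM time with no argument and processes an empty server name.
goto :EOF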

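:DONOW
REM ---------------------------------------------------------------------
REM DONOW server-name
REM Per-server worker, called once for each line of the server list.
REM   Argument 1: server name or address, taken verbatim from the list.
REM This first part records the name, updates the progress counters and
REM sends one ping. The errorlevel left by the final FIND tells the code
REM that follows whether the host answered: 0 means a real reply was seen.
REM ---------------------------------------------------------------------

REM Quoted assignment plus delayed expansion keep characters such as an
REM ampersand in a list entry from being run as commands. The list file is
REM still input to this script and should be writable by administrators only.
set "srvname=%~1"

REM Nothing to do for an empty name. This also ends the run cleanly if
REM execution ever reaches the label without CALL.
if not defined srvname goto :EOF

REM On the first server there is no previous one to show yet.
if not defined OldSrv set "OldSrv=!srvname!"

set /a totcnt+=1

cls

echo 1.Processing Server: !srvname! Total Server:[!totcnt! Of !totsrv!] Last Server: !OldSrv!
echo 2.Checking Connectivity……………

if exist C:\DSLOG\pingresult.txt del C:\DSLOG\pingresult.txt

ping -n 1 "!srvname!" > PingResult.txt 2>&1

REM A router or the local stack answering Destination host unreachable also
REM prints Reply from, which would mark a dead host as UP. Keep only Reply
REM from lines that do not mention unreachable. The errorlevel of the
REM pipeline is that of the last FIND: 0 when such a line exists.
find /i "Reply from" < PingResult.txt | find /i /v "unreachable" > DoNotShow.txt 2>&1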

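REM ---------------------------------------------------------------------
REM Main per-server decision, driven by the errorlevel of the ping check
REM that ran just before this statement.
REM   Host answered: try login 1 to 4 against the C$ share, then, if one
REM                  worked, detect the OS and pull the Directory Service
REM                  log with psloglist.
REM   No answer    : record Request Timed Out or Uknown Host.
REM Results are left in ServerStat, TKL_NEW, TKL_OLD, AU_Login, Auto_Login,
REM Final_Login, DC_NOT, AOS_Ver, Tot_War and Tot_Err for the summary row.
REM All quotes are plain ASCII quotes; the typographic quotes of the
REM published listing are not understood by FIND, FOR or NET USE.
REM The server name is read with delayed expansion and quoted, so a list
REM entry containing shell metacharacters is passed as data, not parsed.
REM ---------------------------------------------------------------------
IF %errorlevel% == 0 (
  SET "ServerStat=UP"

  Echo 3.Reply received from Host !srvname!
  Echo !srvname! >> HostsAlive.txt

  REM Login 1: can the account running this script list the C$ share
  IF exist C:\DSLOG\Access.txt Del C:\DSLOG\Access.txt
  IF exist C:\DSLOG\NoAccess.txt Del C:\DSLOG\NoAccess.txt

  Echo 4.Checking Access for Currently Logged on user on Server: !srvname!

  DIR "\\!srvname!\C$" > Access.txt 2>&1
  FIND /i "File(s)" < Access.txt > DoNotShow.txt

  IF !errorlevel! NEQ 0 (

     REM Keep the last line of the DIR output as the login 1 error text.
     FOR /F "tokens=*" %%T IN ('type Access.txt') DO SET NewComERR="%%T"

     IF exist C:\DSLOG\TKLold.txt Del C:\DSLOG\TKLold.txt

     Echo 5.Login 1 failed…checking Login 2

     REM NOTE review: logins 2 to 4 put an account name and its password in
     REM clear text in this file and on the NET USE command line. Anyone who
     REM can read the script, or who can read process command-line audit
     REM logs, learns the password. Prefer running the script under one
     REM account that already has rights on every server, so the fallback
     REM logins can be removed. Each failed attempt is also recorded as a
     REM failed logon on the target and counts toward account lockout.
     NET USE T: /delete > DoNotShow.txt 2>&1
     NET USE T: "\\!srvname!\c$" /user:TKLUser Password > TKLOld.txt 2>&1
     FIND /i "The command completed successfully." < TKLold.txt > DoNotShow.txt 2>&1

     IF !errorlevel! NEQ 0 (
        Echo 6.Login 2 also failed…
        SET "TKL_Old=Failed"
        SET "TKL_New=Failed"
        SET "Final_Login=Failed"
        FOR /F "tokens=*" %%T IN ('type TKLold.txt') DO SET ComERR="%%T"
        IF exist C:\DSLOG\TRLogin.txt Del C:\DSLOG\TRLogin.txt

        Echo 5.Checking Login 3…

        NET USE T: /delete > DoNotShow.txt 2>&1
        NET USE T: "\\!srvname!\c$" /user:Test\TKLUser Password > TRLogin.txt 2>&1
        FIND /i "The command completed successfully." < TRLogin.txt > DoNotShow.txt 2>&1

        IF !errorlevel! NEQ 0 (

           Echo 7.Login 3 also failed…

           REM Quoted assignments keep trailing blanks out of the report value.
           SET "TKL_Old=Failed"
           SET "TKL_New=Failed"
           SET "AU_Login=Failed"
           SET "Final_Login=Failed"
           FOR /F "tokens=*" %%T IN ('type TRLogin.txt') DO SET ComERRAU="%%T"

           IF exist C:\DSLOG\Autologin.txt Del C:\DSLOG\AutoLogin.txt

           Echo 5.Checking Login 4…

           NET USE T: /delete > DoNotShow.txt 2>&1
           NET USE T: "\\!srvname!\c$" /user:TestAutoING\user Password > AutoLogin.txt 2>&1
           FIND /i "The command completed successfully." < AutoLogin.txt > DoNotShow.txt 2>&1
           IF !errorlevel! NEQ 0 (
              Echo 7.Login 4 also failed…

              SET "TKL_Old=Failed"
              SET "TKL_New=Failed"
              SET "AU_Login=Failed"
              SET "Auto_login=Failed"
              SET "Final_Login=Failed"
              FOR /F "tokens=*" %%T IN ('type AutoLogin.txt') DO SET ComERRAuto="%%T"

           ) ELSE (

              SET "ComERRAuto="
              Echo 7.Login 4 passed !…
              SET "TKL_Old=Failed"
              SET "TKL_New=Failed"
              SET "AU_Login=Failed"
              SET "Auto_Login=Passed"
              SET "Final_Login=Passed"
           )

        ) ELSE (

           SET "ComERRAU="
           Echo 7.Login 3 Passed…
           SET "TKL_Old=Failed"
           SET "TKL_New=Failed"
           SET "AU_Login=Passed"
           SET "Final_Login=Passed"
        )

     ) ELSE (
        SET "ComERR="
        Echo 6.Login 2 Passed…
        SET "TKL_New=Failed"
        SET "TKL_old=Passed"
        SET "Final_Login=Passed"
     )

  ) ELSE (
     SET "NewComERR="

     Echo 5.Currently Logged on user have access…
     Echo 6.Login 1 Passed…

     SET "TKL_New=Passed"
     SET "Final_Login=Passed"
     SET "TKL_Old=Not Checked"
  )

  IF "!Final_Login!" == "Failed" (
     REM No login worked: clear the collection variables and note the server.
     FOR %%V IN (DLS_B BIAS_B DLS_A BIAS_A TimeZone_N PSEXEC_TZ Rem_Req) DO SET "%%V="
     FOR %%V IN (AOS_Ver AOS_Folder AOS_Un PSEXEC_SPU Uninst_Fold Os_Auto_E) DO SET "%%V="

     Echo 5.Login Failed…user DON’T have access.
     Echo !srvname! >> NoAccess.txt

  ) ELSE (

     Echo 5.Currently Logged in user have access on C:\ drive.

     Echo 6.Check OS Version and Windows System Folder name…

     IF exist C:\DSLOG\Windir.txt Del C:\DSLOG\Windir.txt
     IF exist C:\DSLOG\UnFold.txt Del C:\DSLOG\UnFold.txt

     REM NOTE review: PsExec copies a service to the target and starts it,
     REM here on a domain controller, only to read the remote environment.
     REM Expect a service-install event on every server for each run and
     REM agree this with whoever monitors the domain controllers.
     REM The OS is inferred from the windir value alone: a match on
     REM C:\WINDOWS is reported as Windows 2003 and any other outcome,
     REM including a PsExec failure, as Windows 2000.
     Psexec.exe "\\!srvname!" cmd.exe /c SET > Windir.txt 2>&1
     FIND /i "windir=C:\WINDOWS" < Windir.txt > DoNotShow.txt 2>&1
     IF !errorlevel! == 0 (
        SET AOS_Ver="Windows 2003"

        Echo 6.OS Version: !AOS_Ver! 

     ) ELSE (
        SET AOS_Ver="Windows 2000"
        Echo 6.OS Version: !AOS_Ver! 

     )

     Echo SERVER NAME: !srvname! >> DSLOG.CSV
     ECHO ========================== >> DSLOG.csv

     IF exist C:\DSLOG\DSLOG.txt Del C:\DSLOG\DSLOG.txt

     Echo 6.Checking Directory Service Log on Server…

     REM Map the menu choice to the psloglist type filter. Comparing quoted,
     REM delayed-expanded values avoids a syntax error on empty input.
     SET "DSL_Filter="
     IF "!OnlyWE!" == "1" SET "DSL_Filter=w"
     IF "!OnlyWE!" == "2" SET "DSL_Filter=e"
     IF "!OnlyWE!" == "3" SET "DSL_Filter=we"

     REM Query the server once into the scratch file and copy that into the
     REM full report, instead of running the same remote query twice. The
     REM scratch file is overwritten so the counts below cover this server
     REM only.
     IF defined DSL_Filter (
        psloglist "\\!srvname!" "Directory Service" -f !DSL_Filter! -s -d !LogDays! -x > DSLOG.txt
        TYPE DSLOG.txt >> DSLOG.CSV
     )

     REM A server without a Directory Service log is taken not to be a DC.
     REM NOTE review: this presumes psloglist prints the message on standard
     REM output, which is all that is captured above. Confirm, otherwise
     REM every reachable server is reported as a DC.
     FIND /i "Could not locate the specified event log" < DSLOG.txt >> DoNotShow.txt

     IF !errorlevel! == 0 (
        SET "DC_NOT=NO"
     ) ELSE (
        SET "DC_NOT=YES"
     )

     REM Totals are the number of lines containing the upper-case words
     REM WARNING and ERROR anywhere in the psloglist output.
     IF exist C:\DSLOG\TotWar.txt Del C:\DSLOG\Totwar.txt

     FIND /c "WARNING" < DSLOG.txt >> TotWar.txt
     FOR /F "tokens=*" %%a IN (Totwar.txt) DO SET Tot_War=%%a

     IF exist C:\DSLOG\TotErr.txt Del C:\DSLOG\TotErr.txt
     FIND /c "ERROR" < DSLOG.txt >> TotErr.txt
     FOR /F "tokens=*" %%a IN (TotErr.txt) DO SET Tot_Err=%%a

  )
) ELSE (

  SET "ServerStat=Down"

  REM Tell a timeout apart from every other ping failure.
  FIND /i "Request Timed" < PingResult.txt > DoNotShow.txt

  IF !errorlevel! == 0 (
     SET "ServerStat=Request Timed Out"
  ) ELSE (
     SET "ServerStat=Uknown Host"
  )

  REM Nothing was collected, so every result column stays empty.
  FOR %%V IN (TKL_NEW TKL_OLD DC_NOT AOS_Ver AOS_Folder AOS_Un Rem_Req ComERR NewComERR) DO SET "%%V="
  FOR %%V IN (PS_Rem AU_Login ComERRAU Int_Logon Tot_War Tot_Err Auto_login ComERRAuto) DO SET "%%V="

  Echo !srvname! >> HostsDown.txt
  Echo 3.Reply NOT received from Host !srvname!

)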

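REM ---------------------------------------------------------------------
REM End of the per-server worker: write the summary row and reset state.
REM ---------------------------------------------------------------------

REM Remember this server so the next progress line can show it.
set "OldSrv=!srvname!"

REM Drop any T: mapping made with a fallback account before moving on, so
REM the session to the C$ share of this server is not left open until the
REM next server is processed or after the run has finished.
net use T: /delete > NUL 2>&1

if not defined srvname (

  echo Empty

) else (

  REM One summary row per server. Column order matches the header line:
  REM server, status, login 1 to 4, final login, DC flag, OS, warnings, errors.
  REM Delayed expansion keeps odd characters in a value from being parsed.
  echo !srvname!, !ServerStat!, !TKL_NEW!, !TKL_OLD!, !AU_Login!, !Auto_Login!, !Final_Login!, !DC_NOT!, !AOS_Ver!, !Tot_War!, !Tot_Err! >> Auth-DS.csv

  REM Reset the per-server state so nothing carries over to the next row.
  for %%V in (DC_NOT Final_login TKL_NEW Int_Logon TKL_OLD AOS_Ver AOS_Folder AOS_Un) do set "%%V="
  for %%V in (ComERR NewComERR PS_Rem Tot_War Tot_Err AU_Login ComERRAU Auto_login ComERRAuto) do set "%%V="
  set "ServerStat=Down"
  set "Rem_Req=Yes"

)

:eof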
