How to check Directory Service Log using a CMD Script

The following script checks the Directory Service log on domain controllers specified in a Servers.txt file or any other TXT file. The report format is in CSV and four authentications are supported by this script. You can run the script in different domains also.
�
1. Create a folder in C:\ drive DSLOG.
2. Download Psloglist.exe and Psexec.exe from Microsoft site and copy it to C:\DSLOG
3. Create a TXT file for servers.
�
@echo off
cls
setlocal enabledelayedexpansion
@echo *=======================================
@Echo * Script to Report Directory Service Log
@Echo * Author������ : Nirmal Sharma
@Echo * Report Format: CSV or XLS
@Echo * Report Files : DSLOG.CSV (Full Report)
@Echo *������������� : Auth-DS.csv (Summary)
@Echo * Authentiction: Four Supported
@Echo * Different Dom: Yes
@Echo * Login Mode�� : Built-in
@echo� =========================================================
@echo 1. Enter Server List...(e.i. C:\DSLOG\Servers.txt)
@echo ==========================================================
set /P srvlist=" "
@echo 2. Enter the number of previous days to search...(1 to 99)
@echo ==========================================================
set /P LogDays=
@echo 3. Only (1)-Warning, (2)-Error, (3)-Both...
@echo ==========================================================
set /P OnlyWE=
IF exist %srvlist% (
� Echo Server list found: %srvlist%
� Echo Processing all the servers from %srvlist%
� CLS
) ELSE (
� CLS
� Echo Server list NOT found: %srvlist%
� Echo Exiting...
� goto:EOF
)
� SET DC_NOT=
� SET Tot_War=
� SET Tot_Err=
� SET Int_Logon=
� SET ComERRAU=
� SET Auto_login=
� SET ComERRAuto=
� SET ART_Login=
� SET ServerStat=
� SET TKL_NEW=
� SET TKL_OLD=
� SET Rem_Req=
� SET PSEXEC_SPU=
� SET DST_Stat=
� SET AOS_Ver=
� SET AOS_Folder=
� SET AOS_Un=
� SET Final_login=
� SET ComERR=
� SET NewComERR=
set /a totsrv=0
set /a totcnt=0
FOR /F %%a in (%srvlist%) DO SET /a totsrv=!totsrv!+1
� SET Auto_login=
� SET DC_NOT=
� SET Tot_War=
� SET Tot_Err=
� SET ComERRAuto=
� SET ComERRAU=
� SET ART_Login=
� SET ServerStat=
� SET TKL_NEW=
� SET TKL_OLD=
� SET Rem_Req=
� SET AOS_Ver=
� SET AOS_Folder=
� SET AOS_Un=
� SET Final_login=
� SET ComERR=
� SET NewComERR=
� SET PS_Rem=
Title Directory Service log is in progress...
IF exist C:\DSLOG\Report.csv Del C:\DSLOG\Report.csv
IF exist C:\DSLOG\HostsAlive.txt Del C:\DSLOG\HostsAlive.txt
IF exist C:\DSLOG\HostsDown.txt Del C:\DSLOG\HostsDown.txt
IF exist C:\DSLOG\Alreadydone.txt Del C:\DSLOG\AlreadyDone.txt
IF exist C:\DSLOG\ToBeDone.txt Del C:\DSLOG\ToBeDone.txt
IF exist C:\DSLOG\RemovedDST.txt Del C:\DSLOG\RemovedDST.txt
IF exist C:\DSLOG\RemoveFailed.txt Del C:\DSLOG\RemoveFailed.txt
IF exist C:\DSLOG\PSFailed.txt Del C:\DSLOG\PSFailed.txt
IF exist C:\DSLOG\PSSuccess.txt Del C:\DSLOG\PSSuccess.txt
IF exist C:\DSLOG\Auth-DS.csv Del C:\DSLOG\Auth-DS.csv
IF exist C:\DSLOG\DSLOG.csv Del C:\DSLOG\DSLOG.csv
Echo Server Name, Up/Down, Login-1, Login-2, Login-3, Login-4, Final Login?,DC?, OS Version, Total Warning MSG, Total Error MSG >> Auth-DS.csv
Echo Log No, Log Name, Source, Type, Server, Date-Time, Event ID, Other >> DSLOG.CSV
FOR /F "TOKENS=*" %%a IN (%srvlist%) DO CALL:DONOW "%%a"
:DONOW
SET srvname=%~1
IF [%OldSrv%] == [] SET OldSrv=%srvname%
SET /a totcnt=%totcnt%+1
CLS
Echo 1.Processing Server: %srvname% Total Server:[%totcnt% Of %totsrv%] Last Server: %OldSrv%
Echo 2.Checking Connectivity...............
IF exist C:\DSLOG\pingresult.txt Del C:\DSLOG\pingresult.txt
Ping -n 1 %srvname% > PingResult.txt 2>&1
FIND /i "Reply From" < PingResult.txt > DoNotShow.txt 2>&1
IF %errorlevel% == 0 (
� SET ServerStat=UP
� Echo 3.Reply received from Host %srvname%
� Echo %srvname% >> HostsAlive.txt
� REM This is to check wether currently logged in user have access or not.
� IF exist C:\DSLOG\Access.txt Del C:\DSLOG\Access.txt
� IF exist C:\DSLOG\NoAccess.txt Del C:\DSLOG\NoAccess.txt
� Echo 4.Checking Access for Currently Logged on user on Server: %srvname%
� DIR \\%srvname%\C$ > Access.txt 2>&1
� FIND /i "File(s)" < Access.txt > DoNotShow.txt
� IF !errorlevel! NEQ 0 (
���� FOR /F "Tokens=*" %%T In ('Type Access.txt') DO SET NewComERR="%%T"
���� IF exist C:\DSLOG\TKLold.txt Del C:\DSLOG\TKLold.txt
���� Echo 5.Login 1 failed...checking Login 2
���� NET USE T: /delete > DoNotShow.txt 2>&1
���� NET USE T: \\%srvname%\c$ /user:TKLUser Password > TKLOld.txt 2>&1
���� FIND /i "The command completed successfully." < TKLold.txt > DoNotShow.txt 2>&1
���� IF !errorlevel! NEQ 0 (
������� Echo 6.Login 2 also failed...
������� SET TKL_Old=Failed
������� SET TKL_New=Failed
������� SET Final_Login=Failed
������� FOR /F "Tokens=*" %%T In ('Type TKLold.txt') DO SET ComERR="%%T"
������� IF exist C:\DSLOG\TRLogin.txt Del C:\DSLOG\TRLogin.txt
������� Echo 5.Checking Login 3...
������� NET USE T: /delete > DoNotShow.txt 2>&1
������� NET USE T: \\%srvname%\c$ /user:Test\TKLUser Password > TRLogin.txt 2>&1
������� FIND /i "The command completed successfully." < TRLogin.txt > DoNotShow.txt 2>&1
������� IF !errorlevel! NEQ 0 (
���������� Echo 7.Login 3 also failed...
���������� SET TKL_Old=Failed
���������� SET TKL_New=Failed
���������� SET ART_Login=Failed����
���������� SET Final_Login=Failed
���������� FOR /F "Tokens=*" %%T In ('Type TRLogin.txt') DO SET ComERRAU="%%T"
���������� IF exist C:\DSLOG\Autologin.txt Del C:\DSLOG\AutoLogin.txt
���������� Echo 5.Checking Login 4...
���������� NET USE T: /delete > DoNotShow.txt 2>&1
���������� NET USE T: \\%srvname%\c$ /user:TestAutoING\user Password > AutoLogin.txt 2>&1
���������� FIND /i "The command completed successfully." < AutoLogin.txt > DoNotShow.txt 2>&1
���������� IF !errorlevel! NEQ 0 (
������������� Echo 7.Login 4 also failed...
������������� SET TKL_Old=Failed
������������� SET TKL_New=Failed
������������� SET ART_Login=Failed����
������������� SET Auto_login=Failed
������������� SET Final_Login=Failed
������������� FOR /F "Tokens=*" %%T In ('Type AutoLogin.txt') DO SET ComERRAuto="%%T"
���������� ) ELSE (
������������� SET ComERRAuto=
������������� Echo 7.Login 4 passed !...
������������� SET TKL_Old=Failed
������������� SET TKL_New=Failed
������������� SET ART_Login=Failed
������������� SET Auto_Login=Passed
������������� SET Final_Login=Passed
���������� )
������� ) ELSE (
���������� SET ComERRAU=
���������� Echo 7.Login 3 Passed...
���������� SET TKL_Old=Failed
���������� SET TKL_New=Failed
���������� SET ART_Login=Passed
���������� SET Final_Login=Passed
������� )
���� ) ELSE (
������� SET ComERR=
������� Echo 6.Login 2 Passed...
������� SET TKL_New=Failed
������� SET TKL_old=Passed
������� SET Final_Login=Passed
���� )
� ) ELSE (
���� SET NewComERR=
���� Echo 5.Currently Logged on user have access...
���� Echo 6.Login 1 Passed...
���� SET TKL_New=Passed
���� SET Final_Login=Passed
���� SET TKL_Old=Not Checked
� )�����
� IF !Final_Login! == Failed (
���� SET DLS_B=
���� SET BIAS_B=
���� SET DLS_A=
���� SET BIAS_A=
���� SET TimeZone_N=
���� SET PSEXEC_TZ=
���� SET Rem_Req=
���� SET AOS_Ver=
���� SET AOS_Folder=
���� SET AOS_Un=
���� SET PSEXEC_SPU=
���� SET Uninst_Fold=
���� SET Os_Auto_E=
���� Echo 5.Login Failed...user DON'T have access.
���� Echo %srvname% >> NoAccess.txt
� ) ELSE (
���� Echo 5.Currently Logged in user have access on C:\ drive.
���� Echo 6.Check OS Version and Windows System Folder name...
���� IF exist C:\DSLOG\Windir.txt Del C:\DSLOG\Windir.txt
���� IF exist C:\DSLOG\UnFold.txt Del C:\DSLOG\UnFold.txt
���� Psexec.exe \\%srvname% cmd.exe /c SET > Windir.txt 2>&1
���� FIND /i "windir=C:\WINDOWS" < Windir.txt > DoNotShow.txt 2>&1
���� IF !errorlevel! == 0 (
��� SET AOS_Ver="Windows 2003"
������� Echo 6.OS Version: !AOS_Ver!�
���� ) ELSE (
������� SET AOS_Ver="Windows 2000"
������� Echo 6.OS Version: !AOS_Ver!�
���� )
���� Echo SERVER NAME: %srvname% >> DSLOG.CSV
���� ECHO ========================== >> DSLOG.csv
���� IF exist C:\DSLOG\DSLOG.txt Del C:\DSLOG\DSLOG.txt
���� Echo 6.Checking Directory Service Log on Server...
���� IF %OnlyWE% == 1 (
��� psloglist \\%srvname% "Directory Service" -f w -s -d %LogDays% -x >> DSLOG.cSV
��� psloglist \\%srvname% "Directory Service" -f w -s -d %LogDays% -x >> DSLOG.txt
���� )
���� IF %OnlyWE% == 2 (
��� psloglist \\%srvname% "Directory Service" -f e -s -d %LogDays% -x >> DSLOG.cSV
��� psloglist \\%srvname% "Directory Service" -f e -s -d %LogDays% -x >> DSLOG.txt
���� )
���� IF %OnlyWE% == 3 (
��� psloglist \\%srvname% "Directory Service" -f we -s -d %LogDays% -x >> DSLOG.CSV
��� psloglist \\%srvname% "Directory Service" -f we -s -d %LogDays% -x >> DSLOG.txt
���� )
���� Find /i "Could not locate the specified event log" < DSLOG.txt >> DoNotShow.txt
���� if !errorlevel! == 0 (
��� SET DC_NOT=NO
���� ) ELSe (
��� SET DC_NOT=YES
���� )
���� IF exist C:\DSLOG\TotWar.txt Del C:\DSLOG\Totwar.txt
���� Find /c "WARNING" < DSLOG.txt >> TotWar.txt
���� FOR /F "Tokens=*" %%a in (Totwar.txt) DO SET Tot_War=%%a
���� IF exist C:\DSLOG\TotErr.txt Del C:\DSLOG\TotErr.txt
���� Find /c "ERROR" < DSLOG.txt >> TotErr.txt
���� FOR /F "Tokens=*" %%a in (TotErr.txt) DO SET Tot_Err=%%a
�� )
) ELSE (
� SET ServerStat=Down
� Find /i "Request Timed" < PingResult.txt > DoNotShow.txt
� IF !errorlevel! == 0 (
���� SET ServerStat=Request Timed Out
� ) ELSE (
���� SET ServerStat=Uknown Host
� )
� SET TKL_NEW=
� SET TKL_OLD=
� SET DC_NOT=
� SET AOS_Ver=
� SET AOS_Folder=
� SET AOS_Un=
� SET Rem_Req=
� SET ComERR=
� SET NewComERR=
� SET PS_Rem=
� SET ART_Login=
� SET ComERRAU=
� SET Int_Logon=
� SET Tot_War=
� SET Tot_Err=
� SET Auto_login=
� SET ComERRAuto=
� Echo %srvname% >> HostsDown.txt
� Echo 3.Reply NOT received from Host %srvname%
)
SET OldSrv=%srvname%
IF [!srvname!] == [] (
� Echo Empty
) ELSE (
ECHO %srvname%, %ServerStat%, %TKL_NEW%, %TKL_OLD%, %ART_Login%, %Auto_Login%, %Final_Login%, %DC_NOT%, %AOS_Ver%, %Tot_War%, %Tot_Err% >> Auth-DS.csv
� SET ServerStat=Down
� SET DC_NOT=
� SET Final_login=
� SET TKL_NEW=
� SET Int_Logon=
� SET TKL_OLD=
� SET Rem_Req=
� SET AOS_Ver=
� SET AOS_Folder=
� SET AOS_Un=
� SET Rem_Req=Yes
� SET ComERR=
� SET NewComERR=
� SET PS_Rem=
� SET Tot_War=
� SET Tot_Err=
� SET ART_Login=
� SET ComERRAU=
� SET Auto_login=
� SET ComERRAuto=
)
:eof

Microsoft corporation and/or its respective suppliers make no representations about the suitability, reliability, or accuracy of the information and related graphics contained herein. All such information and related graphics are provided "as is" without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information and related graphics, including all implied warranties and conditions of merchantability, fitness for a particular purpose, workmanlike effort, title and non-infringement. You specifically agree that in no event shall Microsoft and/or its suppliers be liable for any direct, indirect, punitive, incidental, special, consequential damages or any damages whatsoever including, without limitation, damages for loss of use, data or profits, arising out of or in any way connected with the use of or inability to use the information and related graphics contained herein, whether based on contract, tort, negligence, strict liability or otherwise, even if Microsoft or any of its suppliers has been advised of the possibility of damages.