We had an outage over the weekend and I've been tasked with discovering which servers were affected. Get-eventlog should help here, right? Not working... I ran it against a single machine I know for sure was affected and it worked. Now it's skipping over machines I know were affected. Mongo confused...
#server-out.txt is all servers dumped from AD $servers = Get-Content c:\admin\server_out.txt $startdate = "3/8/2014 10:30:00 PM" $enddate = "3/9/2014 01:00:00 am" foreach ($server in $servers) { write-host "Testing connection to" $server if((Test-Connection -Cn $server -BufferSize 16 -Count 1 -ea 0 -quiet)) { $holder = $null $holder = Get-EventLog system -After $startdate -Before $enddate -ComputerName $server | where {$_.eventid -eq 41} write-host $holder if ($holder -ne $null) { write-host $server "was affected" write-host "Appending " + $server + " to file" Out-File -InputObject $server -FilePath c:\admin\affected.txt -append } } } NB: source is Kernel-Power