Because we have Citrix servers that are rebooted on a regular basis in that time frame. Event ID 41 specifically indicates an abnormal reboot.
> On Mar 10, 2014, at 14:11, "Trevor Sullivan" <tsul...@gmail.com> wrote:
>
> Why not just get the list of servers dynamically from Active Directory? Use the LastBootupTime property on the Win32_OperatingSystem WMI class to see when the system last booted up.
>
> $ServerList = Get-ADComputer -Properties operatingsystem -Filter 'operatingsystem -like "*server*"';
>
> foreach ($Server in $ServerList) {
>     '{0},{1}' -f $Server.Name, (Get-WmiObject -ComputerName $Server.Name -Class Win32_OperatingSystem).LastBootupTime;
> }
>
> Results look like this:
>
> <image001.png>
>
> Cheers,
> Trevor Sullivan
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Chenault
> Sent: Monday, March 10, 2014 4:01 PM
> To: Scripting
> Subject: [scripting] hit or miss
>
> We had an outage over the weekend and I've been tasked with discovering which servers were affected. Get-eventlog should help here, right? Not working... I ran it against a single machine I know for sure was affected and it worked. Now it's skipping over machines I know were affected. Mongo confused...
>
> #server-out.txt is all servers dumped from AD
> $servers = Get-Content c:\admin\server_out.txt
> $startdate = "3/8/2014 10:30:00 PM"
> $enddate = "3/9/2014 01:00:00 am"
> foreach ($server in $servers)
> {
>     write-host "Testing connection to" $server
>     if((Test-Connection -Cn $server -BufferSize 16 -Count 1 -ea 0 -quiet))
>     {
>         $holder = $null
>         $holder = Get-EventLog system -After $startdate -Before $enddate -ComputerName $server | where {$_.eventid -eq 41}
>         write-host $holder
>         if ($holder -ne $null)
>         {
>             write-host $server "was affected"
>             write-host "Appending " + $server + " to file"
>             Out-File -InputObject $server -FilePath c:\admin\affected.txt -append
>         }
>     }
> }
>
> NB: source is Kernel-Power
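
Added example, not part of the original thread or written by either poster: one way to run the Event ID 41 (Kernel-Power) sweep so that a server that could not be queried is reported separately from a server that logged no such event. The input file and time window are taken from the quoted script; the output path `c:\admin\outage_report.csv` and the status labels are assumptions.

```powershell
# Added example (not from the thread). Input path and time window come from the
# quoted script; the report path and the Status values are assumptions.
$servers   = Get-Content 'c:\admin\server_out.txt' | Where-Object { $_.Trim() }
$startDate = [datetime]'3/8/2014 10:30:00 PM'
$endDate   = [datetime]'3/9/2014 01:00:00 AM'

# Server-side filter: System log, Kernel-Power provider, Event ID 41, in the window.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kernel-Power'
    Id           = 41
    StartTime    = $startDate
    EndTime      = $endDate
}

$report = foreach ($server in $servers) {
    $status = 'NotAffected'
    $detail = ''
    try {
        # -ErrorAction Stop turns every failure into an exception we can classify.
        $events = @(Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop)
        $status = 'Affected'
        $detail = ($events | ForEach-Object { $_.TimeCreated.ToString('s') }) -join ';'
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; that means "not affected".
        # Anything else (RPC unavailable, access denied, name not resolved) is a failed query.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            $status = 'QueryFailed'
            $detail = $_.Exception.Message
        }
    }
    [pscustomobject]@{ Server = $server; Status = $status; Detail = $detail }
}

# One row per server, so nothing is skipped without a record.
$report | Export-Csv -Path 'c:\admin\outage_report.csv' -NoTypeInformation
$report | Where-Object { $_.Status -eq 'QueryFailed' } | Format-Table -AutoSize
```

Servers listed as `QueryFailed` need a follow-up check rather than being counted as unaffected.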