Any chance the ones it's skipping are failing the test-connection? -Daniel Ratliff
-----Original Message----- From: Daniel Chenault [dani...@hotmail.com<mailto:dani...@hotmail.com>] Sent: Monday, March 10, 2014 05:21 PM Eastern Standard Time To: scripting@lists.myitforum.com Cc: scripting@lists.myitforum.com Subject: Re: [scripting] hit or miss Because we have Citrix servers that are rebooted on a regular basis in that time frame. Event ID 41 specifically indicates an abnormal reboot. On Mar 10, 2014, at 14:11, "Trevor Sullivan" <tsul...@gmail.com<mailto:tsul...@gmail.com>> wrote: Why not just get the list of servers dynamically from Active Directory? Use the LastBootupTime property on the Win32_OperatingSystem WMI class to see when the system last booted up. $ServerList = Get-ADComputer -Properties operatingsystem -Filter 'operatingsystem -like "*server*"'; foreach ($Server in $ServerList) { '{0},{1}' -f $Server.Name, (Get-WmiObject -ComputerName $Server.Name -Class Win32_OperatingSystem).LastBootupTime; } Results look like this: <image001.png> Cheers, Trevor Sullivan From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Chenault Sent: Monday, March 10, 2014 4:01 PM To: Scripting Subject: [scripting] hit or miss We had an outage over the weekend and I've been tasked with discovering which servers were affected. Get-eventlog should help here, right? Not working... I ran it against a single machine I know for sure was affected and it worked. Now it's skipping over machines I know were affected. Mongo confused... #server-out.txt is all servers dumped from AD $servers = Get-Content c:\admin\server_out.txt $startdate = "3/8/2014 10:30:00 PM" $enddate = "3/9/2014 01:00:00 am" foreach ($server in $servers) { write-host "Testing connection to" $server if((Test-Connection -Cn $server -BufferSize 16 -Count 1 -ea 0 -quiet)) { $holder = $null $holder = Get-EventLog system -After $startdate -Before $enddate -ComputerName $server | where {$_.eventid -eq 41} write-host $holder if ($holder -ne $null) { write-host $server "was affected" write-host "Appending " + $server + " to file" Out-File -InputObject $server -FilePath c:\admin\affected.txt -append } } } NB: source is Kernel-Power The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
