How to Get Shutdown Time using PowerShell and ADAudit Plus

How to get shutdown time using PowerShell

• Identify the domain from which you want to retrieve the report.
• Find the LDAP attributes you need to fetch the report.
• Identify the primary DC to retrieve the report.
• Compile the script.
• Execute it in Windows PowerShell
• The report will be exported in the specified format.
• To obtain the report in a different format, modify the script accordingly.

Sample Windows PowerShell script

The following script parses the system event log for shutdown events and generates a report to gain insights on system shutdown.

Get-EventLog -LogName System -Source
"EventLog" -EntryType Error | Where {$_.EventID -eq 6008} | fl * | Out-File -Filepath 
C:\Users\sareeka-8466\Desktop\REport.html (Mention the location where report needs to be saved)
The report can be saved in .csv or .txt format by altering the same.
For Eg: Out-File -FilePath C:\Users\sareeka-8466\Desktop\REport.csv

Steps to get computer shut down time using ADAudit Plus

• Navigate to Reports -> Local Logon-Logoff -> Computer Startup and Shutdown.
• Select the required 'Domain' from the drop down option on the top right corner.
• In the 'Domain' field found on the top right corner, select either the required domain or select 'All Domains'.
• Select 'Export As' to export the report in any of the preferred formats (CSV, PDF, HTML, and XLS).

In addition to the computer name and shutdown time, the following are some of the details provided by ADAudit Plus:

• User who initiated the shutdown.
• Shutdown type - provides information about whether the computer was shutdown or restarted.
• The process that triggered shutdown.