DateTime/DateFrom doesn't work properly for Find-Events

EvotecIT / PSWinReporting

This PowerShell Module has multiple functionalities, but one of the signature features of this module is the ability to parse Security logs on Domain Controllers providing easy to use access to AD Events.

MIT License

701 stars 69 forks source link

DateTime/DateFrom doesn't work properly for Find-Events #49

Closed jmcarthurcorr closed 5 years ago

jmcarthurcorr commented 5 years ago

The module needs more complete documentation to disambiguate what DateTime format the module is expecting. Supplying a DateTime object is not recognized by the function and results in an output of [Info] Getting events for dates to and no output is produced.

jmcarthurcorr commented 5 years ago

This is for V2

PrzemyslawKlys commented 5 years ago

$DateStart = (Get-Date).AddDays(-1)
$DateEnd = Get-Date

$Events = Find-Events -Report ADGroupMembershipChanges -Servers 'AD1' -Verbose -DateFrom $DateStart -DateTo $DateEnd
$Events | Format-Table -AutoSize

It requires DateTime object. DatesRange is predefined text and it has Accepted values: PastHour, CurrentDayMinusDayX, CurrentDayMinuxDaysX, Last7days, CurrentMonth, CurrentDay, Last3days, Everything, PastDay, CurrentQuarter, PastMonth, PastQuarter, OnDay, CustomDate, CurrentHour, Last14days

But I'll limit that, as it doesn't make sense to have all od that.

https://github.com/EvotecIT/PSWinReporting/blob/master/Docs/Find-Events.md

PrzemyslawKlys commented 5 years ago

But I see a problem. There is a bug. I'll fix it.

jmcarthurcorr commented 5 years ago

Thanks for the super quick response.

I'm using DateTime objects - here's a more verbose sample of what I'm running into

PS C:\> $start = get-date 04/15/2019; $end = get-date 04/17/2019
PS C:\> $start.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     DateTime                                 System.ValueType

PS C:\> Find-Events -Report ADUserLockouts -DateFrom $start -DateTo $end -Servers $servers
[Info] Preparing reports: ADUserLockouts
[Info] Preparing servers list - defined list
[Info] Computer DC1 added to scan Security log for events: 4740
[Info] Computer DC2 added to scan Security log for events: 4740
[Info] Computer DC3 added to scan Security log for events: 4740
[Info] Computer DC4 added to scan Security log for events: 4740
[Info] Computer DC5 added to scan Security log for events: 4740
[Info] Computer DC6 added to scan Security log for events: 4740
[Info] Getting events for dates  to

PrzemyslawKlys commented 5 years ago

Update-Module PSWinReportingV2 -Force

Should be fixed now. I've made last minute changes before the article and haven't checked everything. Thanks for understanding.

jmcarthurcorr commented 5 years ago

Installed the new version. Bugfix appears to be successful. Thanks!