This PowerShell Module has multiple functionalities, but one of the signature features of this module is the ability to parse Security logs on Domain Controllers providing easy to use access to AD Events.
MIT License
705
stars
70
forks
source link
Events for Lockouts are duplicated on PDC and other DC's #50
When lockout happens it often happens that lockout is reported on one DC and then transferred to PDC. This means 2 events for 1 real event.
Maybe some kind of duplicate checking - if Event ID, User, Computer, Action, and only RecordID/Controller doesn't match merge events.