Soldato
Another silly pickle; I'm trying to pull the last logon event based on the netlogon type and a domain account BUT ignoring a specific (or potentially a number of specific accounts).
Here is what I have, which pulls last domain account entry
This pulls the last domain entry as expected. However; I then wish to ignore where it also matches a specific account so have added another condition as follows:
But it still pulls the accounttoignore as the last domain entry.
Hmm.
Here is what I have, which pulls last domain account entry
Code:
$GetEventEntry = Get-Winevent -ComputerName $computer -FilterHashtable @{Logname='security'; ID=4624; StartTime=(Get-Date).addDays(-32)} | where {($_.properties[8].value -eq 2 -or $_.properties[8].value -eq 10) -and ($_.properties[6].value -like "domainname")}| Select-Object $properties | Select-Object -First 1
Code:
$GetEventEntry = Get-Winevent -ComputerName $computer -FilterHashtable @{Logname='security'; ID=4624; StartTime=(Get-Date).addDays(-32)} | where {($_.properties[8].value -eq 2 -or $_.properties[8].value -eq 10) -and ($_.properties[6].value -like "domainname" -and $_.properties[6].value -notmatch "accounttoignore")}| Select-Object $properties | Select-Object -First 1Hmm.
