Collecting Event logs from core or desktop experience servers using new-pssession


Create a new session to a variable

$DC02 = New-PSSession –ComputerName DC02 –credential domain.local\administrator  


Or with multiple sessions

(Note that when using multiple connections the variables will be assigned to the in the order of which server connected the quickest not as they are typed.

$DC02, $DC03 = New-PSSession DC02, DC03

To confirm the hostname check the variables:



To see all the open session use:


A quick way to check if there are active directory obvious AD or replication errors in a large environment with multiple domain controllers is to setup a ps sessions to all the domain controllers with the New-PSSession command and run an invoke-command against all sessions to get an idea of the ntds.dit file size across all the servers to check for inconsistencies.

To put it all together:

invoke-command { dir c:\windows\ntds\ntds.dit} -session $DC02, $DC03

Or for all sessions

invoke-command { dir c:\windows\ntds\ntds.dit} -session (get-pssession)

As you can see this simple and often overlooked command enable an admin to do some powerful stuff.

Now for example if you want to see the logs of a number of servers for error and warning using powershell remoting  in one view you could you it like this after establishing the connections.

$PSsess = Get-PSSession 
$logs = invoke-command { 
get-eventlog "Directory Service" -EntryType Error,Warning `
-After (Get-Date).AddHours(-48)
} -session $PSsess 


As you can see this is hard to read, so for a better way you’d want to pipe it to the out grid view.

This also gives you the ability to filter and sort

$logs | Sort PSComputername,TimeGenerated | Select PSComputername,TimeGenerated,Source,Category,EntryType,EventID,Message | Out-Gridview –Title "Server Log Problems"

This is a good example using only a few servers but this remoting can be used to make life easier when thousands of servers at the same time using powershell remoting.

When you are finished you can end with the command

get-pssession | remove-pssession

You May Also Like

About the Author: Phil

Leave a Reply

Your email address will not be published. Required fields are marked *