Lister les erreurs d’authentification Radius (NPS) via PowerShell

Avec ça, vous aurez les dernières erreurs et leurs causes possibles.

$NpsServers=('DC01','DC02')
$ReturnArray=@()

$NPS_Filter="<QueryList>
 <Query Id=`"0`" Path=`"System`">
 <Select Path=`"System`">*[System[Provider[@Name='NPS']]]</Select>
 <Select Path=`"System`">*[System[Provider[@Name='HRA']]]</Select>
 <Select Path=`"System`">*[System[Provider[@Name='Microsoft-Windows-HCAP']]]</Select>
 <Select Path=`"Security`">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and Task = 12552]]</Select>
 </Query>
</QueryList>"

foreach ( $NpsServer in $NpsServers ) {
 foreach ( $Event in (Get-WinEvent -MaxEvents 800 -ComputerName $NpsServer -FilterXml ([xml]$NPS_Filter) | where {$_.message -like "*denied*"} ) ){
 $Message=$Event.Message.Split("`n")

$Retour = [PSCustomObject]@{
 TimeCreated =$Event.TimeCreated
 MachineName =$Event.MachineName
 AccountName =((($Message |Select-String -Pattern "Account Name" -CaseSensitive)[0]).ToString().split(':')[1]).trim()
 AuthType =((($Message |Select-String -Pattern "Authentication Type" -CaseSensitive)[0]).ToString().split(':')[1]).trim()
 Reason =''
 }
 if ($Message |Select-String -Pattern "Reason" ){
 $Retour.Reason =((($Message |Select-String -Pattern "Reason:" -CaseSensitive)[0]).ToString().split(':')[1]).trim()
 }

$ReturnArray+=$Retour
 }
}
$ReturnArray| ft -autosize