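# http://my-powershell.fr/aide-memoire-powershell
# http://www.ehow.com/how_7719350_split-string-two-variables-powershell.html
# http://technet.microsoft.com/fr-FR/library/dd772712(WS.10).aspx

# Audit of successful logons (Security event 4624) on a domain controller.
# Writes one semicolon-separated line per logon to a text file:
#   time ; account name ; source address ; authentication package ; logon type
$computer = 'DC1.MSREPORT.INTRA'
$outFile  = 'c:\_adm\resultats\audit-connexion.txt'

# Column header. Out-File without -Append creates or overwrites the report.
"Heure;Utilisateur;IP;Protocole;Type authentification" | Out-File $outFile

# List all logon events.
# -FilterHashtable restricts the query to event 4624, so only those records are
# returned instead of reading the entire Security log and discarding the rest
# on the client.
Get-WinEvent -ComputerName $computer -FilterHashtable @{ LogName = 'Security'; Id = 4624 } |
    ForEach-Object {
        $evt = $_

        # Read the named EventData fields from the event XML. The rendered
        # Message text is localized and its line layout differs between Windows
        # versions, so fixed line indexes ($message[8], [12], [23], [28]) and
        # English labels are not a reliable way to extract these values.
        $fields = @{}
        foreach ($data in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $fields[$data.GetAttribute('Name')] = $data.InnerText
        }

        # [string] turns a missing field into an empty string, so Trim() is safe.
        $logontype        = ([string]$fields['LogonType']).Trim()                 # numeric code, e.g. 2 interactive, 3 network, 10 remote interactive
        $user             = ([string]$fields['TargetUserName']).Trim()            # account that logged on ("New Logon" section)
        $ip               = ([string]$fields['IpAddress']).Trim()                 # "Source Network Address"
        $authentification = ([string]$fields['AuthenticationPackageName']).Trim() # e.g. Kerberos, NTLM

        # Skip any account whose name contains '$' (computer accounts end in '$'),
        # so the report lists user logons only.
        if (-not $user.Contains('$')) {
            $line = [string]$evt.TimeCreated + ";" + $user + ";" + $ip + ";" + $authentification + ";" + $logontype
            $line | Out-File $outFile -Append
        }
    }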