Sep 19 2018 11:47 AM
Hello,
We have a ps1 script to audit AD-Group-Members which runs on a weekly basis.
This queries all the AD users and the groups they are a part of and exports it in an Excel file. This runs on our Domain Controller.
On 2nd September, we noticed that during the time the script was running, there were 956 sign-in attempts on our DC.
The script for Get-ADGroupMembership ran at 4:38PM and the completed CSV was created at 4:46PM.
Login events started 9/2/2018 4:38:22 PM and continued till 9/2/2018 4:46:29 PM.
This is what I see in the Event Viewer (screenshot added):
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Guest
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Any info on why the script might have caused logon attempts will be hugely appreciated.
Also attached the ps1.