How to filter all events of a user from Windows Server 2008 event logs? | Advanced event log filtering – List Of What
Today, for a small investigation, I wanted to find all the logged events of a particular user in my Windows Active Directory domain. I tried the basic log filtering option, but it could not give me the logs I required, so I wanted a way to find all the logs for a user.
To do this I used the XML query feature of Event Viewer. Believe me, it is an amazing tool: you can find anything you want from Active Directory if you know how to query it.
First of all, you need to open Event Viewer.
Right-click the Custom Views folder and select Create Custom View.
In the popup window, switch to the XML tab and then tick the bottom check box as depicted below.
Here you need to write the query that obtains the required events from the log. The query below returns all the details about a particular user. Don't worry, below I will give you a tip to easily write this query.
*[EventData[Data[@Name='TargetUserName'] and (Data='Randika')]]
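The same filter can be run outside the GUI. The script below is an added example, not part of the original post: it wraps the XPath above in a full QueryList and runs it with Get-WinEvent. It assumes the Security log is the one being searched, and the SubjectUserName and IpAddress columns are fields that only some Security events carry.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
param(
    [string]$UserName  = 'Randika',   # account name used on the page
    [string]$LogName   = 'Security',  # assumption: the page does not name the log
    [int]   $MaxEvents = 200
)

# Allow only characters expected in an account name, so the value cannot
# break out of the XPath string literal or the surrounding XML.
if ($UserName -notmatch '^[\w.\-$ ]+$') {
    throw "Unexpected characters in user name: $UserName"
}

# The page's XPath predicate inside the QueryList envelope that Event Viewer's XML tab uses.
$query = @"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">*[EventData[Data[@Name='TargetUserName'] and (Data='$UserName')]]</Select>
  </Query>
</QueryList>
"@

try {
    $events = @(Get-WinEvent -FilterXml ([xml]$query) -MaxEvents $MaxEvents -ErrorAction Stop)
} catch {
    # Get-WinEvent reports "no matching events" as an error; treat it as an empty result.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() } else { throw }
}

# Flatten each record's named EventData fields into a row for review.
$rows = foreach ($e in $events) {
    $fields = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $fields[$d.Name] = $d.'#text' }
    }
    New-Object PSObject -Property @{
        TimeCreated     = $e.TimeCreated
        EventId         = $e.Id
        TargetUserName  = $fields['TargetUserName']
        SubjectUserName = $fields['SubjectUserName']   # present on many, not all, Security events
        IpAddress       = $fields['IpAddress']         # present on logon events
    }
}

$rows | Sort-Object TimeCreated |
    Format-Table TimeCreated, EventId, TargetUserName, SubjectUserName, IpAddress -AutoSize
```

The predicate as written matches any event that has a TargetUserName field and at least one Data value equal to the name. To match only events where TargetUserName itself is the name, use Data[@Name='TargetUserName']='Randika' inside EventData instead.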
