# The script searches the current directory for and files that begin with "EventID"
# and then reads each one of these files extracting to a CSV file - UPNchanges.csv 
#    Target Account ID
#    Calling Account ID
#    User Principal Name (new value as we don't have the old with 2003
#    Source DC for the log file being processed
#
$DT = Get-Date -format "yyyymmddHHmmss"    
$file = ".\UPNchanges_$DT.csv"
Add-Content $file "Target Account,Calling Account,UPN,Event Log Source DC" 
$input = (dir .\eventid*.*)
$input | foreach-object {

   $In = $_.name
   #Add-Content $file "....Reading file $in"
   $DC = ($In.split("_"))[1]
   $DC = ($DC.split("."))[0]
   get-content .\$In | foreach-object {

   If (-Not($In.contains("Timing")))
   {
       If ($_.contains("Target Account ID:")) {$target = ($_.split(":"))[1]}
       If ($_.contains("Caller User Name:")) {$caller = ($_.split(":"))[1]}
    	If ($_.contains("User Principal Name:")) {$UPN = ($_.split(":"))[1]
     	   If (-not ($UPN.substring(($UPN.length -1),1) -eq "-")) {Add-Content $file "$target,$caller,$upn,$DC"
      	  }

    	}

       }
    }      
}