
Can I see 2003 logs on the NT domain logs in a trusted environment?

I am seeing the following (sanitized) message:

10/4/07 11:11:58 AM,Security,Failure Audit,Logon/Logoff ,539,NT AUTHORITY\SYSTEM,NTDOMAIN,Logon Failure:         Reason:            Account locked out         User Name:      SomeUserName         Domain:      SomeMachineName         Logon Type:      3         Logon Process:      KSecDD         Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0         Workstation Name:      \\SomeMachineName

      The log comes from an NT environment.  The SomeMachineName is on a 2003 domain and not on the old NT domain, yet I am seeing logs.  How is this possible?  There exists a trust between the NT and 2003 domains.  I don't see any other failed logons from other accounts.

Thanks,

Awakenings
4 Solutions
 
Alan Huseyin Kayahan Commented:
   Hi Awakenings,
        As long as a trust relationship exists between the domains, and the DCs in the domains are set as "Global Catalogs" in NTDS settings, which makes them accept/reply to logon requests, the logs you see are normal.

Regards
 
awakenings (Author) Commented:
MrHusy,

    Then how come I don't see many logs?  Really I should get 50 times as many logs.

Thanks,

Awakenings
 
Alan Huseyin Kayahan Commented:
   It is not the Account logon. Logon Type 3 indicates an attempt to reach a network share or printer. And you get that log when someone in the 2003 domain tries to reach a \\computername, a share or a printer. That's why you shouldn't see it 50 times.

Regards
 
Alan Huseyin Kayahan Commented:
Correction: And you get that log when someone in the 2003 domain tries to reach a \\computername, a share or a printer in the NT domain.
 
LauraEHunterMVP Commented:
You are encountering the difference between "Account logon events" and "logon events".

I press CTRL-ALT-DEL and punch in my username/password on DomainA.  An Account Logon Event is logged to the Security log of the domain controllers on DomainA.  (Assuming logging is enabled for this, naturally.)  Nothing is logged to the Security logs of the domain controllers on DomainB.

Once logged onto DomainA, I attempt to access a resource on a file server (call it \\ServerB) in DomainB. A Logon Event is logged to the Security log of \\ServerB in DomainB.  Nothing is logged to the Security logs of the domain controllers on either DomainA or DomainB.  However, if the resource I'm trying to access happens to be hosted on a domain controller in DomainB, the Logon Event will be logged to the Security Logs of DomainB, since that happens to be where the resource is housed.
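An added example, not part of the original thread or any poster's code: a Python sketch that parses the exported event line from the question and separates where the event was recorded from where the attempt originated. The column order of the export (timestamp, source, type, category, event ID, user, computer, description) and the names `parse_export_line` and `summarize` are assumptions.

```python
import re

# Logon type codes used in Windows logon events.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive",
               11: "CachedInteractive"}
# Audit category -> which of the two event kinds discussed above it is.
KIND = {"Logon/Logoff": "logon event (recorded where the resource lives)",
        "Account Logon": "account logon event (recorded on the authenticating DC)"}

LABELS = ("Reason", "User Name", "Domain", "Logon Type", "Logon Process",
          "Authentication Package", "Workstation Name")
_ALT = "|".join(re.escape(label) for label in LABELS)
# "Label:   value" pairs, separated only by runs of spaces in the export.
FIELD_RE = re.compile(r"\b(%s):\s+(.*?)(?=\s+(?:%s):|\s*$)" % (_ALT, _ALT))

# The sanitized line from the question (whitespace runs shortened).
SAMPLE = (r"10/4/07 11:11:58 AM,Security,Failure Audit,Logon/Logoff ,539,"
          r"NT AUTHORITY\SYSTEM,NTDOMAIN,Logon Failure:     Reason:      "
          r"Account locked out     User Name:   SomeUserName     Domain:   "
          r"SomeMachineName     Logon Type:   3     Logon Process:   KSecDD"
          r"     Authentication Package:   MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
          r"     Workstation Name:   \\SomeMachineName")

def parse_export_line(line):
    """Split one exported Security log line into header columns and fields."""
    # maxsplit=7 keeps any commas inside the description intact.
    when, source, etype, category, event_id, user, computer, desc = (
        part.strip() for part in line.split(",", 7))
    event = {"when": when, "source": source, "type": etype,
             "category": category, "event_id": int(event_id),
             "user": user, "computer": computer}
    event.update({k: v.strip() for k, v in FIELD_RE.findall(desc)})
    return event

def summarize(event):
    """Report what kind of event this is, who logged it, and its origin."""
    return {"kind": KIND.get(event["category"], "other"),
            "logon_type": LOGON_TYPES.get(int(event["Logon Type"]), "unknown"),
            "recorded_on": event["computer"],
            "origin": event["Workstation Name"].lstrip("\\"),
            "account": event["Domain"] + "\\" + event["User Name"]}

if __name__ == "__main__":
    for key, value in summarize(parse_export_line(SAMPLE)).items():
        print("%-12s %s" % (key, value))
```

For the sample line, the summary shows a Network (type 3) logon event recorded on NTDOMAIN with SomeMachineName as the origin.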
 
awakenings (Author) Commented:
Thanks Everyone!  Sorry for the slow response!