Solved

Domain login history for user

Posted on 2010-09-01
8
2,437 Views
Last Modified: 2012-05-10
for some security reason and investigation
i need some info on how to get:
user A's  login and logoff history for everyday for past one month.

i have some tools (eg jiji ad report) but those just gives last succesfull or failed login.ths it.
any idea on how to get this info.
0
Comment
Question by:KerryJB
8 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33574602
It depends on what you have configured to Audit, how big the log files are etc if you hvae configred the domain controller policy to log succesfull log ons and and your log files could cope with 1 months worth of logs then check the security logs on the domain controllers.
0
 
LVL 6

Expert Comment

by:M. Rashel Ahmed
ID: 33574653
you can see that in the event log. for more details, you can see it here: http://technet.microsoft.com/en-us/library/bb742435.aspx .


0
 
LVL 10

Expert Comment

by:wmeerza
ID: 33574664
on-going it would be better to create a logon/off script that records their activity. Much easier to audit in the long run.
For a login script:
  for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
  echo logged on,%USERNAME%,%DATE%,%TIME%,%IPADD% >>"\\server\useraccess.txt"

For a logoff script:
  for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
  echo logged off,%USERNAME%,%DATE%,%TIME%,%IPADD% >>"\\server\useraccess.txt"

Add these as .bat files to your default domain policy and then just use Excel to filter.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 4

Expert Comment

by:Geek_Nabil
ID: 33574878
First check that in Audit policies you enabled "Audit account logon events".

0
 
LVL 4

Expert Comment

by:Geek_Nabil
ID: 33574892
0
 

Author Comment

by:KerryJB
ID: 33583879
auditing of account logon events is enabled. the problem is the size we set is not much.and we need the data for the month of june. is this possible in any way.?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33584256
The event logs are stored in %SystemRoot%\System32\Config in files ending .evt if your backups were capturing that location/files you could restore the older files and review them.


0
 
LVL 4

Accepted Solution

by:
Geek_Nabil earned 125 total points
ID: 33601674
That is not possible unless as @MojoTech mentioned you have a backup, a log that is deleted is gone.
For future needs i suggest increasing the log file size, by right click on the log -> properties -> log size.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question