asked on

AD Authentication Tracking

We have about 200 workers from around the country that login and work remotely. They login according to their jobs.

Some login to....
* a VPN (this is a Linux machine) this authenticates via AD.
* SharePoint
* OWA
* Outlook (RPC over HTTP)
* Target Process
* Etc

This is a volunteer project and we just need to see who is active. So we would like to see if there is any software we already have or that we can get to record ever time someone authenticates via AD no matter if it is the VPN, OWA, Outlook ETC. Most server are 2008 R2 Datacenter.

Network made up of 2 DC, Exchange 2010 with an Edge Server, MS Threat Management Gateway, SharePoint 3.0 moving to 2010, WSUS, AV, 2 Spiceworks, Target Process, etc etc.

(MS Threat Management Gateway is not being used as a firewall it is used to publish things like SharePoint OWA etc to the internet so we do not have to use the VPN for those things)

ASKER CERTIFIED SOLUTION

Mike Kline

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

RickEpnet

ASKER

I have something similar to this already. The problem with lastlogontimestamp is you really have to run it on both DC for an simi-accurate picture.

We are really looking for something a little more robust. Not necessarily need it to be free.

Mike Kline

if you were looking at lastlogon then you would need to run it against all the DCs because it doesn't replicate but lastlogontimestamp does replicate

Thanks

Mike

RickEpnet

ASKER

Ok so I am trying to figure out the commend line to get what I want but I am having a hard time can you help.

Mike Kline

Are you trying to use oldcmp? Is that the command line you are looking for?

Thanks

Mike

RickEpnet

ASKER

Thanks!!