?
Solved

AD Authentication Tracking

Posted on 2011-03-22
6
Medium Priority
?
583 Views
Last Modified: 2013-12-07
We have about 200 workers from around the country that login and work remotely. They login according to their jobs.

Some login to....
* a VPN (this is a Linux machine) this authenticates via AD.
* SharePoint
* OWA
* Outlook (RPC over HTTP)
* Target Process
* Etc

This is a volunteer project and we just need to see who is active. So we would like to see if there is any software we already have or that we can get to record ever time someone authenticates via AD no matter if it is the VPN, OWA, Outlook ETC. Most server are 2008 R2 Datacenter.

Network made up of 2 DC, Exchange 2010 with an Edge Server, MS Threat Management Gateway, SharePoint 3.0 moving to 2010, WSUS, AV, 2 Spiceworks, Target Process, etc etc.

(MS Threat Management Gateway is not being used as a firewall it is used to publish things like SharePoint OWA etc to the internet so we do not have to use the VPN for those things)  
0
Comment
Question by:RickEpnet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 35191804
You could view security logs on your DCs, but one good way to ID old/stale accounts is a tool like old computer from Joe Richards

http://joeware.net/freetools/tools/oldcmp/index.htm

...also works with users

You can key off lastlogontimestamp which is accurate up to 9-14 days

Thanks

Mike
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 35191934
I have something similar to this already. The problem with lastlogontimestamp is you really have to run it on both DC for an simi-accurate picture.

We are really looking for something a little more robust. Not necessarily need it to be free.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35191979
if you were looking at lastlogon then you would need to run it against all the DCs because it doesn't replicate but lastlogontimestamp does replicate

Thanks

Mike
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 14

Author Comment

by:RickEpnet
ID: 35195123
Ok so I am trying to figure out the commend line to get what I want but I am having a hard time can you help.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35195246
Are you trying to use oldcmp?  Is that the command line you are looking for?

Thanks

Mike
0
 
LVL 14

Author Closing Comment

by:RickEpnet
ID: 35195484
Thanks!!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question