domain controller logs

1) Which domain controller logs store information about logon/logoff data - and which actual file stores the  logs (i.e. where does it reside on the server, i.e. path)?

2) Is there an easy way to determine log max size information before old logs are overwritten?

3) is there any free software to parse and filter the logs for just logon/logoff events - and is it easy to interpret which domain account the events refer to?

4) Is there a command or easy way to list all domain controllers in a domain?

5) What formula is applied to determine which domain controller you logon to if there is more than one DC in the domain?
LVL 3
pma111Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tankergoblinCommented:
Hi you can view the log at the event log. you can view everything there.
0
TropicalBoundCommented:
1A) - The Security Log
1B - Right click on the Security Log and select Properties.  The log path will be shown.

2) - Right click the Security log and select Properties.  The max log file size and what to do when the limit is reached can be found here.

3) - The logs can be a bit intimidating for the beginner.  Pay particular attention to the Event ID number and the source.  Google will be your best friend.

4) - There is a multitude of ways to list all domain controllers.  One is to open Active Directory Users and Computers.  By default, all DC's will reside in the Domain Controller's OU.  From a command line, you can use the NETDOM command: netdom query /d:domainname DC

5) - This would be determined by Active Directory Sites and Services.  Domain controllers are assigned to subnets, usually be geographic location, but not necessarily.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
Thanks TropicalBound - is there a default location for the event log files on windows server 2008R2.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

TropicalBoundCommented:
%SystemRoot%\System32\Winevt\Logs
0
pma111Author Commented:
Many thanks
0
pma111Author Commented:
6) is it a default that the domain controllers will be capturing every users logon/logoff to the domain events, or does this need to be enabled? If yes - any idea where you can see if it is enabled or not?
0
TropicalBoundCommented:
On the domain controller, open Group Policy Management.  Open the 'Default Domain Controllers' policy.  Navigate to Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Audit Policies.  This is where you will decide what security events to log.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.