  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 148

domain controller logs

1) Which domain controller logs store information about logon/logoff data - and which actual file stores the logs (i.e. where does it reside on the server, i.e. path)?

2) Is there an easy way to determine log max size information before old logs are overwritten?

3) Is there any free software to parse and filter the logs for just logon/logoff events - and is it easy to interpret which domain account the events refer to?

4) Is there a command or easy way to list all domain controllers in a domain?

5) What formula is applied to determine which domain controller you logon to if there is more than one DC in the domain?
Asked by: pma111

tankergoblin Commented:
Hi, you can view the log at the event log. You can view everything there.
 
TropicalBound Commented:
1A) - The Security Log
1B) - Right click on the Security Log and select Properties.  The log path will be shown.

2) - Right click the Security log and select Properties.  The max log file size and what to do when the limit is reached can be found here.

3) - The logs can be a bit intimidating for the beginner.  Pay particular attention to the Event ID number and the source.  Google will be your best friend.

4) - There is a multitude of ways to list all domain controllers.  One is to open Active Directory Users and Computers.  By default, all DCs will reside in the Domain Controllers OU.  From a command line, you can use the NETDOM command: netdom query /d:domainname DC

5) - This would be determined by Active Directory Sites and Services.  Domain controllers are assigned to subnets, usually by geographic location, but not necessarily.
 
pma111 (Author) Commented:
Thanks TropicalBound - is there a default location for the event log files on Windows Server 2008 R2?
 
TropicalBound Commented:
%SystemRoot%\System32\Winevt\Logs
 
pma111 (Author) Commented:
Many thanks
 
pma111 (Author) Commented:
6) Is it a default that the domain controllers will be capturing every user's logon/logoff to the domain events, or does this need to be enabled? If yes - any idea where you can see if it is enabled or not?
0
 
TropicalBound Commented:
On the domain controller, open Group Policy Management.  Open the 'Default Domain Controllers' policy.  Navigate to Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Audit Policies.  This is where you will decide what security events to log.
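
Added example (not part of the original thread): a PowerShell sketch that covers questions 1, 2, 3 and 6 from the command line on a domain controller. It assumes an elevated session and a 24-hour look-back window chosen for illustration; event IDs 4624, 4634 and 4647 are the standard logon/logoff IDs on Windows Server 2008 and later.

```powershell
# Added example; run in an elevated PowerShell session on a domain controller.

# Questions 1 and 2: Security log file path, maximum size and what happens when full.
Get-WinEvent -ListLog Security |
    Select-Object LogName, LogFilePath, LogMode,
        @{ Name = 'MaxSizeMB';     Expression = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } },
        @{ Name = 'CurrentSizeMB'; Expression = { [math]::Round($_.FileSize / 1MB, 1) } }

# Question 6: effective audit settings for the Logon/Logoff category on this DC.
auditpol /get /category:"Logon/Logoff"

# Question 3: logon/logoff events only, with the account each event refers to.
# 4624 = successful logon, 4634 = logoff, 4647 = user-initiated logoff.
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4634, 4647
    StartTime = (Get-Date).AddHours(-24)   # look-back window is an assumption
}

# SilentlyContinue suppresses the error Get-WinEvent raises when nothing matches.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Named fields are stored in the event XML under Event/EventData/Data.
    $fields = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }

    # Skip computer accounts (names ending in $) to keep the output readable.
    if ($fields['TargetUserName'] -like '*$') { continue }

    New-Object PSObject -Property @{
        Time      = $e.TimeCreated
        EventId   = $e.Id
        Account   = '{0}\{1}' -f $fields['TargetDomainName'], $fields['TargetUserName']
        LogonType = $fields['LogonType']   # empty for 4647
        SourceIp  = $fields['IpAddress']   # present on 4624 only
    }
}

$report | Sort-Object Time |
    Format-Table Time, EventId, Account, LogonType, SourceIp -AutoSize
```

Each domain controller keeps its own Security log, so the query has to be run on (or pointed at, with -ComputerName) every DC returned by the netdom command above.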
