Find out which maschine is using an specific old useraccount for logon

Posted on 2015-01-21
Medium Priority
Last Modified: 2015-01-29

we have a Windows 2012 Domain Controller. I noticed that an old (but still not deactived) useraccount is still used. After setting up a new destination for roaming profiles, this Account created a profile-folder too.
Before deactivating it, i want to know from which machine the logon comes.
How do i find out this ?
I only know the username and the DC the users authenticates against.

Thanks for answers
Question by:loosain
LVL 37

Accepted Solution

Kimputer earned 668 total points
ID: 40563270
Take a look in the Event Viewer, Security log. You can filter on the username. If nothing is there, you need to enable auditing. If there are entries after you filter it, just take a look at the entries, it should reveal the ip number.
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 668 total points
ID: 40563507
If you have multiple domain controllers then you are going to have to go through all of the DC logs on each server.

You will also need to increase the security log database to something larger than the defaults. This is so that the event logs do not get overwritten.

You also require auditing to be enabled via the default domain policy. If this is not set you will see nothing in the logs. These auditing settings are not enabled by default.

If you have multiple DC's I would suggest using something like AD Audit PLUS. You can get a fully functional version for 30 trail.



Assisted Solution

MarkieS earned 664 total points
ID: 40565931
If you know the user account password - try changing it to something different.
You can then use  Powershell to locate the machine

Author Closing Comment

ID: 40577160
It was an error from the customer. He talked about the wrong user. Everything was fine. But thanks for the advises, maybe helping next time.

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway.  Forget that we don't back up the desktops - only the servers.  Well, let's sneak their data on…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question