logged on users in AD site

Have separate AD site. A small remote site with few users. I am trying to find who is logged on to domain from that site. What is the best way to do that?
Who is Participating?
Will SzymkowskiSenior Solution ArchitectCommented:
What I would recommend is using something like Active Directory Auditing By Lepide Software. This will allow you to collect all of the security logs from all domain controllers and view them in an HTML web format.

Also, in order to see any events regarding user logons you will need to enable Audit Logging on the default domain controllers policy. Once you have done this I would also suggest that you increase all of the security logs sizes to 1GB, to ensure that they do not get overwritten when a lot of events are generated.

Step-by-Step Enabling AD Auditing

Active Directory Auditing by Lepide Software

You can do that by looking up the logon events in the Security Eventlog of all domain controllers which are in that AD site.
Also make sure that all IP-addresses within that remote site are defined  in "AD Sites and Services/Sites/Subnets" and these subnets are assigned to the AD site. In this way you are sure that all users within that site are only using these AD domain controllers.

These are the most important event IDs.
Logon/Logoff events
  Logon: 4624,4625,4648,4675
  Logoff: 4634,4647
Account Logon events
  Kerberos: 4768,4769
  Credential Validation: 4774,4776
Privilege Use events
  Special Logon: 4672
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
On the local PCs you could run set in command prompt and take a look at what logon server is set to.  Alternatively you could also run echo %logonserver%
sara2000Author Commented:
I think i need third party software than event viewer options.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.