sara2000
asked on
logged on users in AD site
Have separate AD site. A small remote site with few users. I am trying to find who is logged on to domain from that site. What is the best way to do that?
On the local PCs you could run set in command prompt and take a look at what logon server is set to. Alternatively you could also run echo %logonserver%
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think i need third party software than event viewer options.
Also make sure that all IP-addresses within that remote site are defined in "AD Sites and Services/Sites/Subnets" and these subnets are assigned to the AD site. In this way you are sure that all users within that site are only using these AD domain controllers.
These are the most important event IDs.
Logon/Logoff events
Logon: 4624,4625,4648,4675
Logoff: 4634,4647
Account Logon events
Kerberos: 4768,4769
Credential Validation: 4774,4776
Privilege Use events
Special Logon: 4672