logged on users in AD site

Have separate AD site. A small remote site with few users. I am trying to find who is logged on to domain from that site. What is the best way to do that?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can do that by looking up the logon events in the Security Eventlog of all domain controllers which are in that AD site.
Also make sure that all IP-addresses within that remote site are defined  in "AD Sites and Services/Sites/Subnets" and these subnets are assigned to the AD site. In this way you are sure that all users within that site are only using these AD domain controllers.

These are the most important event IDs.
Logon/Logoff events
  Logon: 4624,4625,4648,4675
  Logoff: 4634,4647
Account Logon events
  Kerberos: 4768,4769
  Credential Validation: 4774,4776
Privilege Use events
  Special Logon: 4672
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
On the local PCs you could run set in command prompt and take a look at what logon server is set to.  Alternatively you could also run echo %logonserver%
Will SzymkowskiSenior Solution ArchitectCommented:
What I would recommend is using something like Active Directory Auditing By Lepide Software. This will allow you to collect all of the security logs from all domain controllers and view them in an HTML web format.

Also, in order to see any events regarding user logons you will need to enable Audit Logging on the default domain controllers policy. Once you have done this I would also suggest that you increase all of the security logs sizes to 1GB, to ensure that they do not get overwritten when a lot of events are generated.

Step-by-Step Enabling AD Auditing

Active Directory Auditing by Lepide Software


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sara2000Author Commented:
I think i need third party software than event viewer options.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.