AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of Roccat
Roccat
Flag for United States of America asked on

Trying to get failed log on attempts from domain controller from ad users

I would like to get all failed logon attempts. I would like to see failed log on attempts from any computer that a user tries to authenticate to the domain controller.  I am testing the line below on my vm 2008 server in my home lab but its only returning 2 and they are not recent. I purposely failed logons multiple times on a windows 10 vm joined to the domain on the 2008 server vm to hopefully add it to the log but they didnt show up.  This is what I was using for a script.

get-eventlog -logname "security" | where {($_.eventID -eq 4771) -or ($_.eventID -eq 4776)} | select timegenerated,message

Open in new window

Powershell
Avatar of undefined
Last Comment
Shaun Vermaak
8/22/2022 - Mon
Roccat
ASKER
It appears this works without issue on my production domain controller.
Shaun Vermaak
How many domain controllers do you have?
ASKER CERTIFIED SOLUTION
Shaun Vermaak
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Coralon
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Roccat
ASKER
Do I need to enable auditing on the client machines to get this info on the ad servers or enable auditing on the ad servers?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Shaun Vermaak
Just on the domain controllers
Roccat
ASKER
Thank you!
Roccat
ASKER
Thank you!
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Shaun Vermaak
Glad we could help.
Please remember to endorse my, or any other expert's comments that you found helpful by clicking on the "Thumb's Up" button
Roccat
ASKER
Sure, what does that do?
Shaun Vermaak
It gives an ongoing feedback from you and others on how helpful a particular comment was. (It does not translate to points for experts)

Someone else might even find another comment to be a solution to their problem and endorses a difference solution. This way the solution helps others.
When a comment reaches 3 it turns comment to blue, giving future visitors a clear indication of what comments to look at
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent