troubleshooting Question

Trying to get failed log on attempts from domain controller from ad users

Avatar of Roccat
RoccatFlag for United States of America asked on
11 Comments1 Solution83 ViewsLast Modified:
I would like to get all failed logon attempts. I would like to see failed log on attempts from any computer that a user tries to authenticate to the domain controller.  I am testing the line below on my vm 2008 server in my home lab but its only returning 2 and they are not recent. I purposely failed logons multiple times on a windows 10 vm joined to the domain on the 2008 server vm to hopefully add it to the log but they didnt show up.  This is what I was using for a script.

get-eventlog -logname "security" | where {($_.eventID -eq 4771) -or ($_.eventID -eq 4776)} | select timegenerated,message
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 11 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 11 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros