We help IT Professionals succeed at work.

Trying to get failed log on attempts from domain controller from ad users

Roccat
Roccat asked
on
72 Views
Last Modified: 2017-04-03
I would like to get all failed logon attempts. I would like to see failed log on attempts from any computer that a user tries to authenticate to the domain controller.  I am testing the line below on my vm 2008 server in my home lab but its only returning 2 and they are not recent. I purposely failed logons multiple times on a windows 10 vm joined to the domain on the 2008 server vm to hopefully add it to the log but they didnt show up.  This is what I was using for a script.

get-eventlog -logname "security" | where {($_.eventID -eq 4771) -or ($_.eventID -eq 4776)} | select timegenerated,message

Open in new window

Comment
Watch Question

Author

Commented:
It appears this works without issue on my production domain controller.
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
How many domain controllers do you have?
Senior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
CoralonSenior Citrix Engineer
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Do I need to enable auditing on the client machines to get this info on the ad servers or enable auditing on the ad servers?
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
Just on the domain controllers

Author

Commented:
Thank you!

Author

Commented:
Thank you!
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
Glad we could help.
Please remember to endorse my, or any other expert's comments that you found helpful by clicking on the "Thumb's Up" button

Author

Commented:
Sure, what does that do?
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
It gives an ongoing feedback from you and others on how helpful a particular comment was. (It does not translate to points for experts)

Someone else might even find another comment to be a solution to their problem and endorses a difference solution. This way the solution helps others.
When a comment reaches 3 it turns comment to blue, giving future visitors a clear indication of what comments to look at
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.