When a user log onto domain, where can I find which DC authenticated through kerberos in DC event log?
I see only the user IP, workstation hostname, user name, but no DC information?
from client, I can issue %logonserver% or nltest /dsgetdc:sea. But I need to get a report what DC authenticated who. How can I update this information?
Also, if the user is home office user through VPN, it doesn't seem the logon event is even being recorded in DC's security event log.
For VPN users, how can I trace which DC authenticate which user?
DC: Windows Server 2012
Sites and Services are implemented.