I have been asked to find out when a specific user logged in today.
Management suspects that specific user is punching in, from a phone app; but the same user is not actually on premises. I have been asked to find out when she has actually logged in today (3/29/22018). I went to both Active Directory Domain Controllers and Looked in the 'Event Logs' - 'Windows Logs' - 'Security' - logs.
I then searched for the user name and the earliest instance for 3/29/2018 is 8:53 am.
I have the same results on both Active Directory Domain Controllers. IS this the best way to see when this user has logged in? We do not have any other special reporting software.