How to Get Logs for Authentications of Login and Shared Network access for Domain users in AD Domain Controller.

Researcher 11 Reputation points
2022-08-20T10:03:33.633+00:00

I am working on a small project with around 150 users in a Domain Environment.

I am searching for a method to Obtain or to Generate - Domain authentication logs of Domain users when logged in to domain computers or when accessing share drives. The log is to be generated in the domain controller itself.

I also require the log to have the details like:

AD domain controller authenticating a Domain user for both login to workstations and when accessing network shares, which user (username) was authenticated and PC name or IP address of user computer, time of authentication, Destination of user.

I have tried using the "Audit Account Logon" and "Audit logon" GPOs under "Audit Policy", and the "Logon/Logoff" GPO under Advanced Audit Policy. The logs are generated in the domain controller based on event number and need to be filtered every time to see the login details. Also, not all required details are present in here.

I found a few alternative tools like ADManager plus, ADAudit plus, Adinfo (from cjwdev), Netwrix Auditor for AD, but I am not sure which one has the best features.

Need help here. Please suggest any alternative methods or free software that could be used. Any ideas are appreciated.


2 answers

  1. JimmySalian-2011 42,511 Reputation points
    2022-08-21T09:37:37.76+00:00

    Hi,

    Thank you for asking this question on the Microsoft Q&A Platform.

    I guess you are on the right path with regard to setting up the auditing on the DC via the GPO. This link also provides details on tracking and notification of each user activity, so it can be used, and yes, it will take a bit of extracting the logs and filtering them as per the requirement: monitoring-active-directory-for-signs-of-compromise

    Recommended, and I have used the SCOM product to monitor and alert as per requirements: details.aspx

    Also, SolarWinds is a good tool, but it is third party, so please review the docs and decide which one is preferred by your team:
    user-activity-monitoring

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
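
The log filtering described in the question and in the answer above can be scripted on the domain controller itself; the following is an added example, not part of the thread and not taken from the linked documents. It assumes the "Kerberos Authentication Service", "Kerberos Service Ticket Operations" and "Credential Validation" audit subcategories are enabled on the DC; the 24-hour window and the output path are assumptions.

```powershell
# Added example: summarise domain authentications recorded in the DC Security log.
# Run in an elevated PowerShell session on the domain controller.
#   4768 = Kerberos TGT requested (interactive/workstation logon reaches the DC here)
#   4769 = Kerberos service ticket requested (user is about to reach a server/share)
#   4776 = NTLM credential validation
$since   = (Get-Date).AddHours(-24)                  # assumed look-back window
$outFile = Join-Path $env:TEMP 'dc-auth-report.csv'  # assumed output path

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4768, 4769, 4776
    StartTime = $since
} -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Event fields are name/value pairs under EventData in the event XML
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # Skip computer accounts (PC01$ or PC01$@REALM) so only user logons remain
    if ($d['TargetUserName'] -match '\$(@|$)') { continue }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        EventId     = $e.Id
        Type        = switch ($e.Id) {
                          4768 { 'Kerberos TGT (logon)' }
                          4769 { 'Kerberos service ticket' }
                          4776 { 'NTLM validation' }
                      }
        User        = $d['TargetUserName']
        # 4776 records a workstation name; Kerberos events record the client IP
        Source      = if ($e.Id -eq 4776) { $d['Workstation'] }
                      else { $d['IpAddress'] -replace '^::ffff:' }
        # For 4769 this is the account of the server the ticket was issued for
        Destination = $d['ServiceName']
        Status      = $d['Status']                   # 0x0 means success
    }
}

$report | Sort-Object Time | Export-Csv -Path $outFile -NoTypeInformation
$report | Sort-Object Time | Format-Table -AutoSize
```

The DC only sees the ticket request, so `Destination` identifies the target server account, not the share; the share name itself is recorded by event 5140 on the file server that hosts it.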

  2. Limitless Technology 39,926 Reputation points
    2022-08-22T14:29:59.283+00:00

    Hello,

    The Audit in Windows is intended as a record of events for logon and other information, but it is not very friendly for daily or individual audit. It is mostly useful as a repository of data in case of other errors or warnings related to the logon status.

    For the purpose that you want to use it for, other third-party tools or AD APIs would indeed be necessary, which allow management through a different interface more dedicated to real-time security or comprehensive audit per user.

    -------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

