How to get details of AD users, when and where they logged in in AD environment

RD 41 Reputation points
2024-02-09T01:22:51.48+00:00

Hello Friends, I am looking for a Microsoft tool or a Script to find

  1. Details of User01 or User02 who logged into a number of servers.
  2. Time they logged in, logged off, when they changed their passwords, and activities they performed, like changing other users' AD passwords.
  3. Details of servers, Server01 and Server02: who logged on to them and the timestamp.

Do let me know if you need more information. Please share your valuable suggestions. Thank you, Rattan


1 answer

  1. Rich Matheisen 45,906 Reputation points
    2024-02-09T15:50:03.38+00:00

    AD authentication is recorded in the event log of the domain controller that authenticated the user. You'd have to query each DC in the AD domain to get that information.

    Which activities they undertook would also be recorded in the event log. But unless you're auditing activities you would find much detail.

    Note that auditing greatly increases the number of events recorded in the security logs. In a large AD you can rapidly run out of space in the log. Something to keep in mind when you're formulating your audit policies.

    While PowerShell can help, you'd probably find that a commercial software (or freeware/shareware) product can help you manage and report all the activity.

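An added example, not part of the answer above and not a Microsoft tool: one way to query every domain controller's Security log for a single account with PowerShell. It assumes the ActiveDirectory (RSAT) module, read access to each DC's Security log, and that the relevant audit policies are enabled; `Get-DcAccountActivity`, `User01` and the 7-day window are illustrative.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and rights to read
# the Security log on every DC. Events exist only if the matching audit
# policies are enabled. 'User01' and the 7-day window are placeholders.
Import-Module ActiveDirectory

function Get-DcAccountActivity {
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [datetime] $Since = (Get-Date).AddDays(-7)
    )
    # 4768 Kerberos TGT request, 4776 NTLM credential validation,
    # 4723 password change attempt, 4724 password reset attempt
    $filter = @{ LogName = 'Security'; Id = 4768, 4776, 4723, 4724; StartTime = $Since }

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop
        } catch {
            # Unreachable DC, access denied, or no matching events in the window
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($e in $events) {
            # Flatten <EventData><Data Name="..."> into a name/value table
            $d = @{}
            foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

            # Keep events where the user is the target account or the actor
            if ($d['TargetUserName'] -ne $UserName -and $d['SubjectUserName'] -ne $UserName) { continue }

            [pscustomobject]@{
                Time    = $e.TimeCreated
                DC      = $dc.HostName
                EventId = $e.Id
                Target  = $d['TargetUserName']
                Actor   = $d['SubjectUserName']
                Source  = if ($d['IpAddress']) { $d['IpAddress'] } else { $d['Workstation'] }
            }
        }
    }
}

Get-DcAccountActivity -UserName 'User01' | Sort-Object Time | Format-Table -AutoSize
```

Logons to a specific member server such as Server01 are written to that server's own Security log (event 4624, logoff 4634), so the same `Get-WinEvent` call can be pointed at the server instead of a DC.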