Geekzone: technology news, blogs, forums


xpd



Chief Trash Bandit
10035 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

# 143070 2-Apr-2014 15:12

I'm more desktop rather than server, else I'd probably know this... :)

I need to find the logon history of a particular user, going back as far as AD logs will let me - I've had a look at quite a few different auditing tools but they either won't run, or don't offer me what I need.
I've been told to look at dsquery, which I have done, but it makes little sense to me at the moment......

Can anyone give me a quickfire way of getting the information I need or am I stuffed ? :)

I have full access to the server/AD.


TIA





XPD / Gavin / DemiseNZ

 

Server : i5-3470s @ 3.50GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  20GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, emulation, geekery, and my attempts at photography.     Now on BigPipe 100/100 and 2Talk

 

Emulation - The art of getting your $4000 PC to run an 80's system - and still fails.

 


gjm

754 posts

Ultimate Geek


  # 1017275 2-Apr-2014 15:23

I use EventCombMT for troubleshooting lockouts, sure you could do the same for auditing logons...have a read here http://windowsitpro.com/systems-management/take-advantage-eventcombmt-utility

My domain is 2003...not sure if it works on 2008 or 2012




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]

3874 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1017292 2-Apr-2014 15:51

Pretty sure you're screwed for historical purposes, unless the organisation has actively set up auditing of logon events.

Off the top of my head I'd imagine that going forward you could rig something up. Enable success audit logging on every DC, and forward the events to a central location.




Information wants to be free. The Net interprets censorship as damage and routes around it.


 
 
 
 


xpd



Chief Trash Bandit
10035 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 1017353 2-Apr-2014 16:41

Yeah, I'm thinking that. All these tools I've downloaded today claim they can do it yet none have been able to.... oh well, looks like this project is going in the bin for now.








78 posts

Master Geek


  # 1017485 2-Apr-2014 19:51

What exactly are you trying to audit?
Windows natively is messy in tracking this.
Local logons may not be tracked so easily.
With domain logons you could set up a PowerShell script that queries event logs of each DC in your environment for a logon type event.
You may need to be more particular with your time frames as DCs generally generate a lot of logs and may not keep logs for long unless specified otherwise.

If you have Altiris or other database collection software you could look at authentication logs from there.
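
The per-DC event log query suggested in the post above, as an added example that is not part of the original thread. It assumes Server 2008 or later event IDs, the ActiveDirectory module, rights to read each DC's Security log remotely, and that logon success auditing was already enabled; `jsmith` and the 90-day window are placeholder values.

```powershell
# Added example, not code from the thread.
Import-Module ActiveDirectory

$User     = 'jsmith'   # hypothetical sAMAccountName; the XPath match is case-sensitive
$DaysBack = 90         # assumed window; the log may not reach back this far

# 4768 = Kerberos TGT requested (the DC-side record of a domain logon)
# 4624 = successful logon on the machine that wrote the event
$ms    = [int64]$DaysBack * 24 * 60 * 60 * 1000
$xpath = "*[System[(EventID=4768 or EventID=4624) and TimeCreated[timediff(@SystemTime) <= $ms]]]" +
         " and *[EventData[Data[@Name='TargetUserName']='$User']]"

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    try {
        # The oldest surviving record shows how far back this DC's log really goes
        $oldest = Get-WinEvent -ComputerName $name -LogName Security -Oldest -MaxEvents 1 -ErrorAction Stop
        Write-Host "$name : Security log starts $($oldest.TimeCreated)"

        Get-WinEvent -ComputerName $name -LogName Security -FilterXPath $xpath -ErrorAction Stop |
            ForEach-Object {
                # Flatten the named EventData fields into a lookup table
                $data = @{}
                foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
                [pscustomobject]@{
                    Time      = $_.TimeCreated
                    DC        = $name
                    EventId   = $_.Id
                    User      = $data['TargetUserName']
                    LogonType = $data['LogonType']   # only present on 4624
                    Source    = $data['IpAddress']
                }
            }
    }
    catch {
        # Get-WinEvent also throws when nothing matches, so report and carry on
        Write-Warning "$name : $($_.Exception.Message)"
    }
}

$results | Sort-Object Time | Format-Table -AutoSize
```

Each DC only records the authentications it handled itself, so the merged, time-sorted output across all DCs is the user's history; the "Security log starts" line per DC is the hard limit on how far back that history can go.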

xpd



Chief Trash Bandit
10035 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 1017635 3-Apr-2014 08:30

Trying to get historical login times for a user (when did they log into the office PC in the past few weeks/months) - but it appears going backwards is something Windows AD logging doesn't do so well :) (Funny... MS Windows seems to go backwards every few releases without an issue)

I've got 1.5hrs left to find a solution ;)




