Re: Active AD users?

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/16/04 

Date: Mon, 16 Aug 2004 19:29:30 GMT

There is a free tool from SomarSoft called Dumpsec. If you use the report for
users/table you can add attributes for last logon time and logon server. If you run
this from a domain controller it will give you an idea of what is going on. The best
way to make sure users logon to the domain is to make sure that they do not have
local accounts on domain computers and are not in the local administrators group
which allows them to create local users. Keep in mind that the logon events in the
security log can be generated from non domain users using domain credentials to
access domain resources. If you audit "account logon" events for domain computers and
are finding "account logon" events in the security log on domain computers, then
users are logging onto the local computer and not the domain. Note that there is a
difference in "account logon" events and "logon" events. Only logon events will be
recorded in the security log of a domain computer if a domain users logs onto the
domain via a domain computer. In that case the "account logon" event will be recorded
in the security log of the domain controller that authenticated the user. --- Steve

"Carlton" <anonymous@discussions.microsoft.com> wrote in message
news:73a301c483bc$f47bf070$a601280a@phx.gbl...
>I have 95% of all users logging into our AD domain. Is
> there a way to tell who is logging in and who is not
> without having to sift through the Event logs?
> Also, is there a way to scroll a list of currently logged
> in users?
> Carlton.
>

Relevant Pages

  • Re: Tracking unauthorized access to my computer
    ... Remote Desktop. ... The user name, logon type, and time can give you an idea who is ... Also look at your own logon events for your user account ... I would also increase the size of the security log to like ...
    (microsoft.public.security)
  • Re: logon and account logon audit events
    ... Assuming that the necessary events are enabled for auditing, when you logon ... to a domain computer as a domain user an "account logon" event is recorded ... "logon" event is recorded in the security log of the domain computer you ...
    (microsoft.public.win2000.security)
  • Re: Event 529 occuring 2500 times every day
    ... I am receiving this error message in my security log about 2500 ... Logon Failure: ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
  • Re: Event 529 occuring 2500 times every day
    ... Just to let you know the error message has disappeared 30 days after I ... I am receiving this error message in my security log about 2500 ... Logon Failure: ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
  • Re: Event 529 occuring 2500 times every day
    ... I am receiving this error message in my security log about 2500 ... Logon Failure: ... User Name: HSSSERVER$ ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)