Monitoring Active Directory Logins

Is there a way to generate a list or report as to who is logged in and
attached to what Domain Controller at any given time?

Hello Bruce,

Basically this wan't be logged, you can check all DCs event viewer when auditing
is configured for success/failure. See here for a scripting solution:
http://www.rlmueller.net/Logon5.htm

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Is there a way to generate a list or report as to who is logged in and
> attached to what Domain Controller at any given time?
>

There is a freeware tool called Limit Login that should be able to help out.

http://technet.microsoft.com/en-us/m...spotlight.aspx

--
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewGroups. This
posting is provided "AS IS" with no warranties and confers no rights.
"Bruce Sarte" <> wrote in message
news:C7FD99AA.11953%...
> Is there a way to generate a list or report as to who is logged in and
> attached to what Domain Controller at any given time?
>

Howdie!

On 28.04.2010 13:52, Bruce Sarte wrote:
> Is there a way to generate a list or report as to who is logged in and
> attached to what Domain Controller at any given time?

this isn't logged by default, so you would need to adjust the audit
policy on the DCs. That being said, having the DCs log it is one thing,
since Active Directory is a distributed system, authentication might hit
any DC (theoretically, most likely is any DC in the same site as the
client is). So you'll need a facility to comb through the event logs of
all DCs in question.

Also, from your question, you used the word "attached". You need to know
that clients and DCs don't have a special connection - they are loosely
coupled. ClientA can use DC-A for authentication and 20 minutes ago, ask
DC-B to answer a DNS query of create a auth ticket for some services.
The whole thing is not as static as you might think.

Cheers,
Florian

Thanks everyone for the suggestions, I know I can check the log files on the
machine but that can be cumbersome so I was looking for something more
real-time. I' know they don't have a persistent connection, I'm more
looking for what DC it used to authenticate and pull it's policy info from
to try and troubleshoot where my users are having their issues... IE: if
they connect to one they are happy but another they aren't.. That sort of
thing.


On 4/28/10 8:28 AM, in article #,
"Florian Frommherz [MVP]" <> wrote:

> Howdie!
>
> On 28.04.2010 13:52, Bruce Sarte wrote:
>> Is there a way to generate a list or report as to who is logged in and
>> attached to what Domain Controller at any given time?
>
> this isn't logged by default, so you would need to adjust the audit
> policy on the DCs. That being said, having the DCs log it is one thing,
> since Active Directory is a distributed system, authentication might hit
> any DC (theoretically, most likely is any DC in the same site as the
> client is). So you'll need a facility to comb through the event logs of
> all DCs in question.
>
> Also, from your question, you used the word "attached". You need to know
> that clients and DCs don't have a special connection - they are loosely
> coupled. ClientA can use DC-A for authentication and 20 minutes ago, ask
> DC-B to answer a DNS query of create a auth ticket for some services.
> The whole thing is not as static as you might think.
>
> Cheers,
> Florian

Did you check my link to Limit Login? It has a feature of what you want and
it is free.

--
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewGroups. This
posting is provided "AS IS" with no warranties and confers no rights.
"Bruce Sarte" <> wrote in message
news:C7FDAF96.11968%...
> Thanks everyone for the suggestions, I know I can check the log files on
> the
> machine but that can be cumbersome so I was looking for something more
> real-time. I' know they don't have a persistent connection, I'm more
> looking for what DC it used to authenticate and pull it's policy info from
> to try and troubleshoot where my users are having their issues... IE: if
> they connect to one they are happy but another they aren't.. That sort of
> thing.
>
>
> On 4/28/10 8:28 AM, in article #,
> "Florian Frommherz [MVP]" <> wrote:
>
>> Howdie!
>>
>> On 28.04.2010 13:52, Bruce Sarte wrote:
>>> Is there a way to generate a list or report as to who is logged in and
>>> attached to what Domain Controller at any given time?
>>
>> this isn't logged by default, so you would need to adjust the audit
>> policy on the DCs. That being said, having the DCs log it is one thing,
>> since Active Directory is a distributed system, authentication might hit
>> any DC (theoretically, most likely is any DC in the same site as the
>> client is). So you'll need a facility to comb through the event logs of
>> all DCs in question.
>>
>> Also, from your question, you used the word "attached". You need to know
>> that clients and DCs don't have a special connection - they are loosely
>> coupled. ClientA can use DC-A for authentication and 20 minutes ago, ask
>> DC-B to answer a DNS query of create a auth ticket for some services.
>> The whole thing is not as static as you might think.
>>
>> Cheers,
>> Florian
>

Paul -- just looked at Limit Login, looks good but it looks like I'd have to
install a portion on clients. Not something I can right now so I'll have to
plan it out a little.


On 4/28/10 11:44 AM, in article , "Paul
Bergson [MVP-DS]" <> wrote:

> Did you check my link to Limit Login? It has a feature of what you want and
> it is free.

Hello Bruce,

To view the user logon and other related information could be fetched well
through the ARKWE tool. Admin Report Kit for Windows Enterprise reports user
logon information, time elapsed since logon, Memory used and oher relevant
information corresponding to the domain. You can probably take at ARKWE from
http://www.vyapin.com/windows-audit/windows-reports.htm

Hope this addresses your query.

"Bruce Sarte" wrote:

> Is there a way to generate a list or report as to who is logged in and
> attached to what Domain Controller at any given time?
>
> .
>

I believe that can just be part of the logon script. Nothing actually would
have to go on clients.

--
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewGroups. This
posting is provided "AS IS" with no warranties and confers no rights.
"Bruce Sarte" <> wrote in message
news:C7FDEE1B.119A0%...
> Paul -- just looked at Limit Login, looks good but it looks like I'd have
> to
> install a portion on clients. Not something I can right now so I'll have
> to
> plan it out a little.
>
>
> On 4/28/10 11:44 AM, in article ,
> "Paul
> Bergson [MVP-DS]" <> wrote:
>
>> Did you check my link to Limit Login? It has a feature of what you want
>> and
>> it is free.
>