Hi,
Today we analyse the DC security event log in order to retrieve the following information :
- When did the user logon and from which AD Sites (from which computer, which IP, which subnet) ?
- When did the user logoff ?
- What are the NTLM/Kerberos failed request that generates account lockout ?
Do we have these information in ATA ?
Thanks,