locked
User's logon information RRS feed

  • Question

  • Hi,

    Today we analyse the DC security event log in order to retrieve the following information :

    - When did the user logon and from which AD Sites (from which computer, which IP, which subnet) ?

    - When did the user logoff ?

    - What are the NTLM/Kerberos failed request that generates account lockout ?

    Do we have these information in ATA ?

    Thanks,

    Wednesday, September 16, 2015 1:18 PM

All replies

  • Hi,

    please see the ATA FAQ.

    https://technet.microsoft.com/library/mt163704.aspx

    Wednesday, September 16, 2015 1:42 PM