Заметки сисадмина » User login history in whole Domain

Заметки сисадмина о интересных вещах из мира IT, инструкции и рецензии. Настраиваем Компьютеры/Сервера/1С/SIP-телефонию в Москве

User login history in whole Domain

2024-09-25 · Posted in Uncategorized

PowerShell

I reproduce your scenario and getting the expected result.

Event ID 4624 – An account was successfully logged on.

This event records every successful attempt to log on to the local computer. It includes critical information about the logon type (e.g. interactive, RemoteInteractive , batch, network, or service), SID, username, network information, and more. Monitoring this particular event is crucial as the information regarding logon type is not found in DCs. you can get a user login history report without having to manually crawl through the event logs.

Open the PowerShell ISE -> Run the following script, adjusting the timeframe:

ADAdudit Plus

You can also try with one easiest alternative way using A tool like ADAudit Plus that audits specific logon events as well as current and past logon activity to provide a list of all logon-related changes for particular user.

1)Download ADAdudit Plus in your VM and install it.

2)Add your Server name ,Username and password.

3)Follow the below picture to get the logon details of particular user.

Leave a Reply