How to report Kerberos-Logon activities from trusted Domain?
I tired a couple of approaches but did not catch Events from User-Logons from a trusted Domain.
Typically it is Event ID 4624:
Typically it is Event ID 4624:
=================================================================
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: No
New Logon:
Security ID: <TrustedDomain>\<Username>
Account Name: <Username>
Account Domain: <FQDN>
...
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
=================================================================
All other User activities with "Local Logon's" in the Domain are captured well.
What do I need to Monitor in Custom Reports to get these Events 4624?
Thanks!
Thanks!
Topic Participants
Klaus Niesporek
Bruce McClane
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?