How to check logon activity of a domain controller

In this article:  

  • Objective

  • Prerequisites

  • Steps to follow

  • Validation and confirmation

  • Tips

  • Related topics and articles

Objective  

Learn how to use the Domain Controller Logon Activity report in ADAudit Plus to monitor and review all successful and failed logon attempts on your domain controllers (DCs).

Prerequisites  

  • Access to the ADAudit Plus web console with an administrator account or a technician account with permissions to view reports.

  • On-premises DCs must be configured in ADAudit Plus, and event data must be collected successfully.

  • The necessary audit policies, specifically Audit Logon Events, must be enabled on your DCs to ensure logon data is generated and collected.

Steps to follow  

  1. Log in to the ADAudit Plus web console.

  2. Navigate to the Reports tab.

  3. From the left pane, expand the User Logon Reports category.

  4. Click the Domain Controller Logon Activity report.

  5. From the Period drop-down menu, select the desired time frame.

  6. To view the activity for specific DCs, click Add next to Select Objects and choose the DCs you wish to audit.


Validation and confirmation  

  • The report will generate and display all logon events for the selected domain controllers and time period.

  • Verify that the report includes critical details such as User Name, Client Host Name, Logon Time, Logon Type, and Remarks (e.g., successful logon, bad password).

Tips  

  • This report is crucial for security. Pay close attention to interactive logons on your DCs, as this type of access should be strictly limited to authorized administrators.

  • Schedule this report to be emailed to your security team daily to maintain constant awareness of who is accessing your critical infrastructure.
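
To cross-check the interactive logons mentioned in the first tip against a DC's own Security log, the following PowerShell script is an added example and not part of ADAudit Plus. It assumes it is run elevated with rights to read the Security log, and the account names in `$AllowedAdmins` are constructed placeholders to replace with your own.

```powershell
# Added example: list interactive logons recorded in a DC's Security log
# and mark accounts that are not on an approved administrator list.
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # DC to query
    [int]$Days = 1,                              # look-back window in days
    # Constructed placeholder names; replace with your authorized DC admins.
    [string[]]$AllowedAdmins = @('CONTOSO\dc-admin1', 'CONTOSO\dc-admin2')
)

$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625                       # 4624 = successful logon, 4625 = failed logon
    StartTime = (Get-Date).AddDays(-$Days)
}

# Logon types that mean someone sat at the console (2) or used RDP (10).
$interactiveTypes = '2', '10'
# Built-in session accounts that also log type 2 events; not human logons.
$systemDomains = 'Window Manager', 'Font Driver Host'

Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named EventData fields from the event XML.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($interactiveTypes -notcontains $data['LogonType']) { return }
        if ($systemDomains -contains $data['TargetDomainName']) { return }

        $account = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Result     = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
            User       = $account
            LogonType  = $data['LogonType']
            ClientHost = $data['WorkstationName']
            ClientIP   = $data['IpAddress']
            Authorized = $AllowedAdmins -contains $account   # case-insensitive match
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Rows with `Authorized` set to `False` are the ones to compare against the User Name and Logon Type columns of the report for the same period.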

Related topics and articles  
