How to know which DC is being used for authentication on fo a specific AD User

Welcome Forums General PowerShell Q&A How to know which DC is being used for authentication on fo a specific AD User

This topic contains 5 replies, has 2 voices, and was last updated by

 
Keymaster
1 year, 3 months ago.

  • Author
    Posts
  • #73796
    Del

    Participant
    Points: 0
    Rank: Member

    I'm trying to find Which DC is the user auth being verified with for a specific ad user

  • #73798

    Keymaster
    Points: 7
    Rank: Member

    From the DC or from the client?

  • #73801
    Del

    Participant
    Points: 0
    Rank: Member

    From the DC.
    I have 6 domain controllers, the users I'm looking for using Linux machines. just need to know which DC is auth those machines
    For some reason the logon is not being seen by FSSO

  • #73804

    Keymaster
    Points: 7
    Rank: Member

    Well, it's not really a PowerShell question – it's an AD question. But I'll give it a shot!

    You need to have logon auditing turned on for every D.C. You will need to query the event log on each DC to see which one processed the login. There's no way to make that fast or easy.

    • #73807
      Del

      Participant
      Points: 0
      Rank: Member

      It's turned on already.

      Is it possible to use

      $DCs= (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }

      and then loop-through each one and get the log from security log files ??

  • #73808

    Keymaster
    Points: 7
    Rank: Member

    Possible? Sure. Give it a shot. That's the easiest way to tell if it's possible :).

The topic ‘How to know which DC is being used for authentication on fo a specific AD User’ is closed to new replies.