How to know which DC is being used for authentication on fo a specific AD User

This topic contains 5 replies, has 2 voices, and was last updated by  Don Jones 3 months, 3 weeks ago.

  • Author
    Posts
  • #73796

    Del
    Participant

    I'm trying to find Which DC is the user auth being verified with for a specific ad user

  • #73798

    Don Jones
    Keymaster

    From the DC or from the client?

  • #73801

    Del
    Participant

    From the DC.
    I have 6 domain controllers, the users I'm looking for using Linux machines. just need to know which DC is auth those machines
    For some reason the logon is not being seen by FSSO

  • #73804

    Don Jones
    Keymaster

    Well, it's not really a PowerShell question – it's an AD question. But I'll give it a shot!

    You need to have logon auditing turned on for every D.C. You will need to query the event log on each DC to see which one processed the login. There's no way to make that fast or easy.

    • #73807

      Del
      Participant

      It's turned on already.

      Is it possible to use

      $DCs= (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }

      and then loop-through each one and get the log from security log files ??

  • #73808

    Don Jones
    Keymaster

    Possible? Sure. Give it a shot. That's the easiest way to tell if it's possible :).

You must be logged in to reply to this topic.