How to know which DC is being used for authentication on fo a specific AD User

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 1 month ago.

  • Author
    Posts
  • #73796
    Profile photo of Del
    Del
    Participant

    I'm trying to find Which DC is the user auth being verified with for a specific ad user

  • #73798
    Profile photo of Don Jones
    Don Jones
    Keymaster

    From the DC or from the client?

  • #73801
    Profile photo of Del
    Del
    Participant

    From the DC.
    I have 6 domain controllers, the users I'm looking for using Linux machines. just need to know which DC is auth those machines
    For some reason the logon is not being seen by FSSO

  • #73804
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Well, it's not really a PowerShell question – it's an AD question. But I'll give it a shot!

    You need to have logon auditing turned on for every D.C. You will need to query the event log on each DC to see which one processed the login. There's no way to make that fast or easy.

    • #73807
      Profile photo of Del
      Del
      Participant

      It's turned on already.

      Is it possible to use

      $DCs= (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }

      and then loop-through each one and get the log from security log files ??

  • #73808
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Possible? Sure. Give it a shot. That's the easiest way to tell if it's possible :).

You must be logged in to reply to this topic.