| KB ID: | 10010 |
| Last Revision: | November 26, 2006 |
| Version: | 1.0 |
Search: Find the events when any user has failed to log onto any computer in a specific OU.
The most powerful feature of LogClarity® is the ability to search by location. Whether you manage a single OU or a number of domains, you need to search for your managed area in the domain in an intuitive and efficient way. LogClarity® lets you search for events for an entire location in one search.
The primary logon failures to a computer are logged as:
- Logon Failure (ID: 529)
- Pre-authentication Failed (ID: 675)
In addition to Logon Failure (ID: 529), failed logons to remote machines might be logged as Pre-authentication Failed (ID: 675). The difference between the two is that the IP address logged by a Logon Failure sometimes contains the IP address of the remote computer if the user is logging in remotely via Terminal Services (aka Remote Desktop), whereas the IP address logged in a Pre-authentication Failure is always the IP address of the computer being logged onto. The name of the computer being logged onto isn't logged, but it should be easy to obtain from the IP address in the log.
PREREQUISITES
The name (aka sAMAccountName) of the computer.
ESTIMATED QUERY TIME
2-5 seconds.
METHOD 1 (Advanced Search)
1. Find the Distinguished Name of the OU where the computers are located by typing the OU name in the Distinguished Name Search Field and click Search.
2. Enter the correct Distinguished Name of the OU in the Target DN field.
3. Select Logon Events only.
4. Select the Type as "Failure".
5. Click Submit.
For a more thorough search, start a new search, find the IP addresses of the computers, and search on those IP addresses with the Type set to Failure.
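
The logic behind Method 1 and the follow-up IP search, as an added example that is not LogClarity code. The record layout (a 529 event carries the logging computer's name, a 675 event only an IP address) is an assumption based on the description above, and every name, address and event below is constructed.

```python
# Added example: models the search logic only; it is not LogClarity code.
FAILURE_IDS = {529, 675}  # Logon Failure, Pre-authentication Failed

def rdns(dn):
    # Normalise a DN into lower-cased RDNs (assumes no escaped commas).
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def in_ou(computer_dn, target_dn):
    # Compare whole RDNs, case-insensitively; nested OUs count as members.
    comp, target = rdns(computer_dn), rdns(target_dn)
    return len(comp) > len(target) and comp[-len(target):] == target

def failed_logons_in_ou(events, computers, target_dn):
    members = {n for n, c in computers.items() if in_ou(c["dn"], target_dn)}
    member_ips = {ip for n in members for ip in computers[n]["ips"]}
    hits = []
    for ev in events:
        if ev["id"] not in FAILURE_IDS:
            continue
        if ev["computer"] in members:      # pass 1: Target DN search
            hits.append((ev["id"], ev["user"], "computer"))
        elif ev["ip"] in member_ips:       # pass 2: follow-up IP search
            hits.append((ev["id"], ev["user"], "ip"))
    return hits

# Constructed sample data (hypothetical hosts, users and addresses).
COMPUTERS = {
    "LAB-PC1$": {"dn": "CN=LAB-PC1,OU=Lab,DC=example,DC=com", "ips": ["10.0.5.11"]},
    "LAB-PC2$": {"dn": "CN=LAB-PC2,OU=Room1,OU=Lab,DC=example,DC=com", "ips": ["10.0.5.12"]},
    "LAB2-PC1$": {"dn": "CN=LAB2-PC1,OU=Lab2,DC=example,DC=com", "ips": ["10.0.6.30"]},
    "HR-PC1$": {"dn": "CN=HR-PC1,OU=HR,DC=example,DC=com", "ips": ["10.0.9.20"]},
}
EVENTS = [
    {"id": 529, "computer": "LAB-PC1$", "ip": "192.0.2.44", "user": "alice"},  # RDP client IP
    {"id": 675, "computer": None, "ip": "10.0.5.12", "user": "bob"},           # IP only
    {"id": 529, "computer": "HR-PC1$", "ip": "10.0.9.20", "user": "carol"},    # other OU
    {"id": 528, "computer": "LAB-PC1$", "ip": "10.0.5.11", "user": "dave"},    # not a failure
    {"id": 675, "computer": None, "ip": "10.0.6.30", "user": "erin"},          # OU=Lab2
]

if __name__ == "__main__":
    for hit in failed_logons_in_ou(EVENTS, COMPUTERS, "OU=Lab,DC=example,DC=com"):
        print(hit)
```

The second pass is what picks up the 675 event, which has no computer name to match against the OU.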
LIKELY SCENARIOS IT APPLIES TO
- You want the usage information for an entire office/lab/department that is organized by OU.
FINE TUNE YOUR SEARCH
If you know the time scope or the domain of the computers, or want to restrict your searches to users in a specific domain, you can fine tune your search.

