How do I track user account activity on a Domain(Windows Server 2008)

hi guys,

i'm junior system admin @ small company , i'm trying audit particular user, have limited knowledge on active directory , domain controllers i'm learning.

from understand central\main domain controller @ office , user i'm trying audit works @ office b. sites connected via mpls network , both offices have domain controllers. note there other domain controllers on mpls networks @ various locations/

i have check group policy ensure auditing enabled @ domain level , have found events shows user logging off , on, when attempt create own filter in event viewer under user's account i'm trying audit no results come up. have tried on both domains @ office , office b both giving me same results.

i have tried exporting entire security log csv file , found out doesn't retain general information shows account linked event.

i found powershell command "get-eventlog -message *useralias* -new 200 -logname security | fl * > new200sec.txt" when run command end empty text file.

can please point me in right direction.

kind regards,

johnny lam

hello,

for auditing use http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd408940(v=ws.10).aspx

it must configured on dcs ou , dcs must checked event viewer errors if don't have monitoring software scom example.

---

best regards

meinolf weber
mvp, mcp, mcts
microsoft mvp - directory services
my blog: http://msmvps.com/blogs/mweber/

disclaimer: posting provided no warranties or guarantees , confers no rights.

Windows Server  >  Directory Services