I'm thinking that this isn't possible, but I thought I'd ask.
Is there a way to audit logon failures for privileged accounts, specifically Active Directory domain administrators? From what I understand about the nature of log searches, since the logon failure wouldn't have any reference to the nature of the account that failed logon (what privileged groups it belongs to) there would be no way to pull that info from AD.
I suppose I was hoping for a way to perform some sort of AD lookup and then create an alert when it is found.
Thanks for any insight in this.
Please sign in to leave a comment.