Searching for logon failures for privileged accounts (domain admins)

Follow

Jason St. Jean

• November 14, 2019 19:52

I'm thinking that this isn't possible, but I thought I'd ask.

Is there a way to audit logon failures for privileged accounts, specifically Active Directory domain administrators? From what I understand about the nature of log searches, since the logon failure wouldn't have any reference to the nature of the account that failed logon (what privileged groups it belongs to) there would be no way to pull that info from AD.

I suppose I was hoping for a way to perform some sort of AD lookup and then create an alert when it is found.

 

Thanks for any insight in this.

0

• 

  Renaldo Flowers

  • January 12, 2022 03:44

  Having the same issue did you ever figure this out?

  0

  Comment actions Permalink

Please sign in to leave a comment.