i need to get user log on and log off details of users using Active directory service. i can get the log on using TGT. and i know that AD does not keep record of log off event. but i can see a Kerberos SGT occur when log off. why is that? Is it ok to use it as log off event

Hi, Thanks for posting in Microsoft TechNet forums. We can audit it by using scripts: Audit User Logon and Logoff http://blogs.technet.com/b/configmgrdogs/archive/2008/09/25/audit-user-logon-and-logoff.aspx And here are some links for your reference: Audit Logoff http://technet.microsoft.com/en-us/library/dd941621(v=ws.10).aspx Audit Other Logon/Logoff Events http://technet.microsoft.com/en-us/library/dd772658(v=ws.10).aspx Also here is an article which can help us understanding Kerberos: Using Kerberos http://www.fnal.gov/docs/strongauth/user.html (Note: Since the site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.) Regards Kevin