How to determine users authenticate to an application via their UPN

Hi,

Can we understand if a user account authenticates to an application with their UserPrincipalName(UPN) by viewing Domain Controller event log records or some other logs on a Domain Controller?  Our goal is to understand how many user accounts use their UPN to authenticate to an applic

August 25th, 2015 11:16am
In event viewer select the log you want, then select "filter current log..."  once you narrow down the items you specifically want to see you can create a custom view to see only those events.
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2015 2:47pm

Thanks for the response.

In the event viewer, when I filter User Accounts for the ID I logged on with in the form, ID@Domain.Com, I don't see any records however Im logged on to the DC using ID@Domain.Com.

August 25th, 2015 5:29pm
just use the ID and drop the @domain.com.... You can also use the find section in event viewer to find a user name.... Once you identify the exact log you want to keep track of you can create a rule for that... Logon events are recorded in security log, if the application has its own even log I can not tell you how to customize it.
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2015 5:55pm
I don't see it when I filter that way as well.  Im filtering the Security event log.
August 25th, 2015 5:59pm
In event viewer main page, select the log you want to view, on the right side there is an "action" section. There you can "filter current log..." or "find..."
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2015 6:02pm

For how to filter Event Logs, please refer to this article:
 
https://technet.microsoft.com/en-us/library/cc722058.aspx
 
And for Logon events, we usually track 4624 event, the process info in the event usually identifies the program executable that processed the logon.
 

Regards,

Eth

August 26th, 2015 1:53am

What kind of an application is it? Does it have it's own event log for logons?

For how to filter Event Logs, please refer to this article:
 
https://technet.microsoft.com/en-us/library/cc722058.aspx
 
And for Logon events, we usually track 4624 event, the process info in the event usually identifies the program executable that processed the logon.
 

Regards,

Eth

Free Windows Admin Tool Kit Click here and download it now
August 26th, 2015 5:46am
I've been filtering event logs for quite some time and I don't see the data in the event logs.
August 26th, 2015 5:51pm
Windows records event logons in the security log but it may not record application logons... Does your application have an event log of some kind? What does it record? Do you need to enable the feature to show user logons?
Free Windows Admin Tool Kit Click here and download it now
August 26th, 2015 6:11pm

Hi SdeDot,

normally, in Active Directory security Event logs, it will only shows you CONTOSO\username no matter you log your using "user@contoso.com".

you will see it in the security event log with event ID 4624.

correct me if I am wrong.

August 26th, 2015 8:35pm

Thanks Aliyani.

I dont see anything in the form of UPN either.

Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 9:27am

Hi SdeDot,

I think only if the application are licked to the AD then you would be able to pick up the logon information of the particular user, as well your DC would created event ID.

Where is the application installed, on member server or the DC ?

if on a member server, may be try jedi_Aadministrator's suggestion

Regards

August 27th, 2015 9:41pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics