Splunk Enterprise

Can't receive EventID 4625 to my AD

adcom26
Explorer

Hello,

I have a Windows Server 2012 R2 machine that I configured as Active Directory. I created users (user_1, user_2) and added a list of computers (Client_1, Client_2,...) under the domain.

What I want is that if user_1 fails to log in to client_1, then it sends event code 4625 to the AD machine.

 


Richfez
SplunkTrust

This does not appear to be a Splunk question and we're unlikely to be able to help you in any great detail on this problem.

A hint though -

Your answer will most likely be found in some Microsoft docs or forums involving Active Directory. From what I know, if you are trying to log into a domain account on a domain-joined PC, it's very difficult to make the failed logins not show up. So something's either seriously wrong, or you are just "doing the wrong thing" like not using a domain-joined PC and using a domain account.

 
