Forum

Ultimate Windows Security Forum » IT Audit » Active Directory » Map IP address to domain credential supplied

Map IP address to domain credential supplied

Rate Topic

Display Mode

Topic Options

Author

Message

ddrumm

Posted 2/24/2011 4:16:45 PM

Forum Newbie

Group: Forum Members
Last Login: 2/24/2011 4:13:38 PM
Posts: 1, Visits: 0

I am trying to figure out the best tool to extract domain logins from our domain controllers, such that I can create a network map that shows every credential used by any given IP address in our network. What would be the best tool to accomplish this task?

Post #608

RandyFranklinSmith

Posted 2/25/2011 8:15:54 AM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 326, Visits: 0

Use logparser to query all your DC security logs for event 672 or its equivalent in win2008, generate a result set of IP and user names (you'll need to use the EXTRACT_TOKEN function to get user name and IP) and include the keyword distinct so that it dedupes the result set. To get those 2 fields out of the Strings field you do something like EXTRACT_TOKEN(Strings,5,'|') AS ClientAddress,

Post #610

bjvista

Posted 3/26/2011 10:41:10 AM

Forum Newbie

Group: Administrators
Last Login: 4/13/2009 5:07:47 PM
Posts: 1, Visits: 0

test

Post #626

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 9:32am

Upcoming Webinars

AD Audits: Top 7 Questions to Answer When Auditors Look at Account Management and Access Control in Active Directory

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.