1 Reply Latest reply on Dec 18, 2015 8:34 AM by alex.cosby

    User Logon/Logoff (evt ID 4624/4634) with multiple DCs


      When looking for user logon/logoff events, I'm seeing duplicate events across all domain controllers.  E.G. if we have 4 DCs, each logon/logoff triggers 4 events within a few seconds of each other.  This makes sense, but it's hard to produce actionable reports.  I'm not keen on the idea of only monitoring the PDC, so is there a simple way to filter nDepth results to reduce or remove duplicate hits from multiple DCs?