you can use eventcombmt.exe from the windows resource kit to search your domain controllers for specific security event logs.
i think event id 673 will give you success and failure audit logs. event comb can save the report in csv for you to easily read and format it.
Finding Admin Logins in Security Event Log
I am need to be able to search, alert, and report on data from the
Windows Security Event Log. I need to be able to determine if any
login attempts (success|failure) are for users who have elevated
priveleges (administrator). This could be the administrator account
or any account that has admin priveleges. Is there somewhere in the
security event log that gives me an idea the level of priveleges the
user logging in has?
Previous Posts In This Thread:
Submitted via EggHeadCafe - Software Developer Portal of Choice
WPF Reflection Effect http://www.eggheadcafe.com/tutorials...on-effect.aspx