When looking for user logon/logoff events, I'm seeing duplicate events across all domain controllers. E.G. if we have 4 DCs, each logon/logoff triggers 4 events within a few seconds of each other. This makes sense, but it's hard to produce actionable reports. I'm not keen on the idea of only monitoring the PDC, so is there a simple way to filter nDepth results to reduce or remove duplicate hits from multiple DCs?
↧