How to determine whether computer is on Domain from event logs?
Solution 1
I'd recommend you check the Security section of the Event Viewer (or the appropriate log):
If you open an entry here, you'll see a log entry for some authentication event. The event I opened here was validated against the domain WINXP
. That is, in fact, the name of the workstation, not a domain controller:
So this could be a hint that the whole machine is not connected to a domain. If you check more entries, you can see if there ever was an authentication event against another machine (maybe a domain controller).
I don't think this would be a reliable way to determine if a client is, in fact, a domain client. But it might help.
Just FYI, a quick way to determine if the machine is part of a domain if you have access to it could be to:
echo %LOGONSERVER%
on a command prompt. If it prints the local machine name, it's not part of a domain. Otherwise, it should print the name of the domain controller.
Solution 2
Just do a search for 3260 this is the event that will show in the system log when a PC joins a domain.
CJ7
Updated on September 18, 2022Comments
-
CJ7 over 1 year
I have spent a short period of time in an office recently, and I was able to dump the event logs on to a USB drive.
There are only XP Pro machines in the office. Is it possible that there is a domain running?
What should I look for in the Event Logs to work out whether they are in a domain?
-
Oliver Salzburg about 12 yearsIs that emitted with every user logon or only when the machine initially joins the domain?