====== Network Users ======

First of all, check your auditing settings:

In the Group Policy Management Editor, choose Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy

Set the following audit policies:

  * Audit account management: “Success”
  * Audit directory service access: “Success”
  * Audit logon events: “Success” and “Failure”

Alternatively, you can set Advanced audit policies:

In the Group Policy Management Editor, expand Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration → Audit Policies

Set the following audit policies:

Account Logon

  * Audit Kerberos Authentication Service: “Success, Failure”
  * Audit Kerberos Service Ticket Operations: “Success, Failure”
  * Audit Other Account Logon Events: “Success, Failure”

Account Management

  * Audit Computer Account Management: “Success”
  * Audit Distribution Group Management: “Success”
  * Audit Security Group Management: “Success”
  * Audit User Account Management: “Success”

DS Access

  * Audit Directory Service Access: “Success”

Logon/Logoff

  * Audit Logoff: “Success”
  * Audit Logon: “Success”
  * Audit Other Logon/Logoff Events: “Success”
  * Audit Special Logon: “Success”
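
To confirm that the advanced audit policy listed above is actually in effect on a machine, compare the output of ''auditpol'' with that list. The script below is an added example, not part of the original page; the function name ''Test-AuditBaseline'' is hypothetical. It assumes an elevated PowerShell session and an English-language Windows installation, because ''auditpol'' prints localized subcategory names.

```powershell
# Added example: compare the effective advanced audit policy with the
# settings listed on this page. Run in an elevated PowerShell session.
# Assumption: English-language Windows (auditpol localizes subcategory names).

# Expected baseline, taken from the advanced audit policy list above.
$expected = [ordered]@{
    'Kerberos Authentication Service'    = 'Success and Failure'
    'Kerberos Service Ticket Operations' = 'Success and Failure'
    'Other Account Logon Events'         = 'Success and Failure'
    'Computer Account Management'        = 'Success'
    'Distribution Group Management'      = 'Success'
    'Security Group Management'          = 'Success'
    'User Account Management'            = 'Success'
    'Directory Service Access'           = 'Success'
    'Logoff'                             = 'Success'
    'Logon'                              = 'Success'
    'Other Logon/Logoff Events'          = 'Success'
    'Special Logon'                      = 'Success'
}

function Test-AuditBaseline {
    param(
        [System.Collections.IDictionary]$Baseline,
        # CSV text in "auditpol /get /category:* /r" format; queried live if omitted.
        [string[]]$CsvLines = (auditpol.exe /get /category:* /r)
    )
    # auditpol /r can emit blank lines around the CSV; drop them before parsing.
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    $effective = @{}
    foreach ($r in $rows) { $effective[$r.Subcategory] = $r.'Inclusion Setting' }

    foreach ($name in $Baseline.Keys) {
        $want = $Baseline[$name]
        $have = if ($effective.ContainsKey($name)) { $effective[$name] } else { 'Not found' }
        # "Success and Failure" also satisfies a baseline that only asks for "Success".
        $ok = ($have -eq $want) -or ($want -eq 'Success' -and $have -eq 'Success and Failure')
        [pscustomobject]@{ Subcategory = $name; Expected = $want; Effective = $have; Compliant = $ok }
    }
}

Test-AuditBaseline -Baseline $expected | Format-Table -AutoSize
```

A row with ''Compliant = False'' means the effective setting differs from the GPO value, for example because the policy has not yet been refreshed or another GPO takes precedence.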