I am using an Active Directory server with Windows Server 2012 R2 Datacenter.
In the Event Viewer of the AD Server, I want to track down logons (succeeded/failed) of users into servers monitored by this AD server. At the moment, I only see events with code 4776 related to logons, but they lacks information about Source Workstation. This is an example:
" EventCode=4776 EventType=0 ComputerName=computer.name SourceName=Microsoft Windows security auditing. Type=Information RecordNumber=6697575380 Keywords=Audit Success TaskCategory=Credential Validation OpCode=Info Message=The computer attempted to validate the credentials for an account.