I have an interest in finding out how many of the users in our primary forest are authenticating via NTLM instead of Kerberos. I know that in Windows 2003 there is a new well-known security principal called "NTLM Authentication" which dynamically contains the list of people who authenticated via NTLM.
My question is, does anyone know how to query this security principal so I could get that list of people? Even if it's an ever-changing list, a snapshot at different times would be useful to see volumes. I was thinking of comparing that list to the "This Organization" security principal so I could tell what % of authentication were NTLM. If there's another way to do this, I'm open to suggestions as well. Thanks in advance for any comments. Scott List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/