In the NTDS performance object there are two counters: NTLM Authentcations and Kerberos Authentications. They wouldn't be able to tell you "who" is authencating using those methods, but they would be able to provide a better idea. Both counters are in number of requests per second.
Ryan
On 3/3/06, Rachui, Scott <[EMAIL PROTECTED]> wrote:
I have an interest in finding out how many of the users in our primary
forest are authenticating via NTLM instead of Kerberos. I know that in
Windows 2003 there is a new well-known security principal called "NTLM
Authentication" which dynamically contains the list of people who
authenticated via NTLM.
My question is, does anyone know how to query this security principal so
I could get that list of people? Even if it's an ever-changing list, a
snapshot at different times would be useful to see volumes. I was
thinking of comparing that list to the "This Organization" security
principal so I could tell what % of authentication were NTLM.
If there's another way to do this, I'm open to suggestions as well.
Thanks in advance for any comments.
Scott
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/