Monitor Service Account logon attemps


I want to be able to monitor the usage of Service Accounts in my environment. I want to see if there are logon attempts with these accounts and the device that the logon attempt is being made from.
Service Account have either ‘srv’ or ‘svc’ in their name.

Is there someone who can inform me how to do this?



Hi Wijnand,

Take a look at the Active Directory bundle, this includes information on service accounts.

I do believe the bundle is loaded onto your EDA. If not you can find it here: