How to know which DC is being used for authentication on fo a specific AD User

I’m trying to find Which DC is the user auth being verified with for a specific ad user

From the DC or from the client?

From the DC.
I have 6 domain controllers, the users I’m looking for using Linux machines. just need to know which DC is auth those machines
For some reason the logon is not being seen by FSSO

Well, it’s not really a PowerShell question - it’s an AD question. But I’ll give it a shot!

You need to have logon auditing turned on for every D.C. You will need to query the event log on each DC to see which one processed the login. There’s no way to make that fast or easy.

It’s turned on already.

Is it possible to use

$DCs= (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }

and then loop-through each one and get the log from security log files ??

Possible? Sure. Give it a shot. That’s the easiest way to tell if it’s possible :).