Monday, April 16, 2018

Tracking Account Usage on Domain Environment


Operating Systems:
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10

Domain controller successfully authenticates a user via NTLM Protocol:
4776: The domain controller attempted to validate the credentials for an account
      Logon Account: name of the account
      Source Workstation: computer name where logon attempt originated
      Error Code:
            C0000064 - user name does not exist
            C000006A - user name is correct but the password is wrong
            C0000234 - user is currently locked out
            C0000072 - account is currently disabled
            C000006F - user tried to log on outside their day-of-week or time-of-day restrictions
            C0000070 - workstation restriction
            C0000193 - account expiration
            C0000071 - expired password
            C0000224 - user is required to change password at next logon
            C0000225 - evidently a bug in Windows and not a risk

Domain controller successfully authenticates a user via Kerberos Protocol:

4768: A Kerberos authentication ticket (TGT) was requested (Successful logon)
      Account Name:  logon name of the account that just authenticated
      Client Address:  IP address where user is present

4771: Kerberos pre-authentication failed
      Account Name:  logon name of the account that just authenticated
      Client Address:  IP address where user is present
      Failure Code: 0x18 - Pre-authentication information was invalid

4769: A Kerberos service ticket was requested (Access to server resources)
      Account Name:  logon name of the account that just requested the ticket
      Client Address:  IP address where user is present
      Service Name:  the account name of the computer or service the user is requesting the ticket for
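
The fields above can be combined into a simple failed-logon triage. The following is an added example, not part of the original post: it decodes 4776 and 4771 failures and groups them by where they originated. The dictionary layout of the events, the sample values, the `0x` prefix handling, treating `0x0` as success, and the threshold of three accounts are assumptions.

```python
from collections import defaultdict

# Event 4776 "Error Code" values, as listed above (stored without the 0x prefix).
NTLM_ERRORS = {
    "C0000064": "user name does not exist", "C000006A": "user name is correct but the password is wrong",
    "C0000234": "user is currently locked out", "C0000072": "account is currently disabled",
    "C000006F": "outside logon hours", "C0000070": "workstation restriction",
    "C0000193": "account expiration", "C0000071": "expired password",
    "C0000224": "must change password at next logon", "C0000225": "Windows bug, not a risk",
}
# Constructed sample events; keys reuse the field names from the list above.
SAMPLE_EVENTS = [
    {"EventID": 4776, "Logon Account": "alice", "Source Workstation": "WKS-01", "Error Code": "0x0"},
    {"EventID": 4776, "Logon Account": "bob", "Source Workstation": "WKS-07", "Error Code": "0xC000006A"},
    {"EventID": 4776, "Logon Account": "carol", "Source Workstation": "WKS-07", "Error Code": "0xC000006A"},
    {"EventID": 4776, "Logon Account": "svc_old", "Source Workstation": "WKS-07", "Error Code": "0xC0000064"},
    {"EventID": 4771, "Account Name": "bob", "Client Address": "10.0.0.5", "Failure Code": "0x18"},
    {"EventID": 4768, "Account Name": "alice", "Client Address": "10.0.0.9"},
]

def failure_reason(ev):
    """Return a readable failure reason, or None if the event is not a failure."""
    if ev["EventID"] == 4776:
        code = ev["Error Code"].upper().replace("0X", "", 1)
        if int(code, 16) == 0:  # assumption: 0x0 means the credentials validated
            return None
        return NTLM_ERRORS.get(code, "unknown code " + code)
    if ev["EventID"] == 4771:
        code = ev["Failure Code"].upper()
        return "pre-authentication information was invalid" if code == "0X18" else "unknown code " + code
    return None  # 4768 and 4769 record granted tickets, not failures

def failures_by_origin(events):
    """Map origin -> account -> list of failure reasons."""
    out = defaultdict(lambda: defaultdict(list))
    for ev in events:
        reason = failure_reason(ev)
        if reason is None:
            continue
        ntlm = ev["EventID"] == 4776
        origin = ev["Source Workstation" if ntlm else "Client Address"]
        account = ev["Logon Account" if ntlm else "Account Name"]
        out[origin][account.lower()].append(reason)
    return out

def many_account_origins(events, min_accounts=3):
    """Origins whose failures span at least min_accounts distinct accounts."""
    return sorted(o for o, accts in failures_by_origin(events).items() if len(accts) >= min_accounts)
```

One origin failing against many different accounts is worth reviewing before a single account failing repeatedly, which is more often a stale saved password.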
