How to audit account logon events in Active Directory

The first step in safeguarding your organization's network and resources is monitoring your employees' logon activity. Tracking users' logon patterns can help detect logons occurring at unusual times, logons to unauthorized hosts, and other suspicious activities. It also helps sysadmins detect and respond to sudden spikes in failed logon attempts, as such attempts indicate the possibility of a brute force attack. Read on to see how to enable auditing of account logon events.

Steps to enable account logon events auditing using GPMC:

  1. Press Start, search for and open the Group Policy Management Console, or run the command gpmc.msc.
  2. If you want to audit all the accounts in the domain, right-click on the domain name and click Create a GPO in this domain, and Link it here.
  3. If you want to audit accounts in a specific Organizational Unit (OU), right-click on that OU and click Create a GPO in this domain, and Link it here.
  4. Name the Group Policy Object (GPO) as appropriate.
  5. Right-click on the newly created GPO and choose Edit.
  6. In the Group Policy Management Editor, in the left pane, navigate to Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy.
  7. In the right pane, you will see the list of policies under Audit Policy. Double-click Audit account logon events and check the boxes labeled Define these policy settings, Success, and Failure.
  8. Click Apply and then OK.
  9. Go back to the Group Policy Management Console, right-click in the left pane on the OU or domain to which the GPO was linked, and click Group Policy Update. This makes sure the new Group Policy settings are applied immediately instead of waiting for the next scheduled refresh.

Once this policy is enabled, events are written to the domain controller's (DC) Security log whenever that DC validates a logon. Because this category records credential validation, the events appear on the DC that authenticated the account, not on the machine the user signed in to.

Find account logon events using Event Viewer

Once the above steps are complete, account logon events get recorded as event logs under various Event IDs. These events can be viewed in the Event Viewer by following the steps below:

  1. Press Start, search for Event Viewer, and click to open it.
  2. In the Event Viewer window, in the left pane, navigate to Windows Logs → Security.
  3. Here, you will find a list of all the security events logged on the system.
  4. In the right pane, under Security, click Filter Current Log.
  5. In the pop-up window, enter the desired Event ID* in the field labeled <All Event IDs>.

    *The following Event IDs are generated for the given events:

    Event ID | Subcategory                        | Event Type          | Description
    4768     | Kerberos Authentication Service    | Success and Failure | A Kerberos authentication ticket (TGT) was requested.
    4769     | Kerberos Service Ticket Operations | Success and Failure | A Kerberos service ticket was requested.
    4776     | Credential Validation              | Success and Failure | The computer attempted to validate the credentials for an account.

    Note: By default, only successful logon attempts are audited. Failure auditing can be enabled under Advanced Audit Policy Configuration.

  6. Click OK. This gives you a list of all occurrences of the entered Event ID.
  7. Double-click an event to view its properties (description).
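The following PowerShell script is an added example, not code from the original article or from ADAudit Plus. It ties the two procedures above together: it first confirms with auditpol that the three Account Logon subcategories really audit Success and Failure (the result the GPO is meant to produce), then pulls Event IDs 4768, 4769 and 4776 from the Security log and lists accounts with many failures, the spike the article says to watch for. The look-back window and the failure threshold are assumed values; run it in an elevated session on a domain controller.

```powershell
# Added example (not from the original article or ADAudit Plus). Run in an
# elevated PowerShell session on a domain controller. Verifies the audit policy
# the GPO above should have applied, then summarises failed account logons.
param(
    [int]$Hours = 24,            # look-back window (assumed value)
    [int]$FailureThreshold = 10  # failures per account worth a closer look (assumed)
)

# 1. Effective policy: 'auditpol /r' emits CSV with an 'Inclusion Setting' column.
$subcats = 'Credential Validation', 'Kerberos Authentication Service',
           'Kerberos Service Ticket Operations'
$policy = auditpol /get /category:"Account Logon" /r | ConvertFrom-Csv
foreach ($row in $policy | Where-Object { $subcats -contains $_.Subcategory }) {
    if ($row.'Inclusion Setting' -ne 'Success and Failure') {
        Write-Warning "$($row.Subcategory): '$($row.'Inclusion Setting')' (expected 'Success and Failure')"
    }
}

# 2. Pull the three Event IDs from the Security log for the look-back window.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4768, 4769, 4776
    StartTime = (Get-Date).AddHours(-$Hours)
}

# 3. Each event's fields live in its XML payload; flatten them into one row.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Id      = $e.Id
        Account = $d['TargetUserName']
        # 4776 names the client workstation; the Kerberos events carry an IP.
        Source  = if ($e.Id -eq 4776) { $d['Workstation'] } else { $d['IpAddress'] }
        # Status 0x0 is success; any other value is the failure code.
        Failed  = ($d['Status'] -ne '0x0')
    }
}

# 4. Accounts with many failures in the window: the spike the article describes.
$rows | Where-Object { $_.Failed } |
    Group-Object Account |
    Where-Object { $_.Count -ge $FailureThreshold } |
    Sort-Object Count -Descending |
    Select-Object @{n = 'Account'; e = { $_.Name }}, Count,
        @{n = 'Sources'; e = { ($_.Group.Source | Sort-Object -Unique) -join ', ' }} |
    Format-Table -AutoSize
```

Failure auditing must be enabled for the failed events to exist at all, which is why the policy check runs first: an empty result with 'Success' only in the policy output means nothing was recorded, not that nothing happened.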

As you can see, native auditing makes it impractical to get a comprehensive overview of all the logons occurring in your network as they happen: an administrator would have to search for each Event ID and open each event's properties one at a time.

ADAudit Plus monitors user logon activity in real time and provides in-depth reports. You can also get alerts for unusual logon activity and automate a response for them. ADAudit Plus provides all these features and much more to safeguard your Active Directory.

Monitor account logon events using ADAudit Plus

After auditing is enabled, as an alternative to Event Viewer, we can use ADAudit Plus, an AD auditing tool, to monitor logon events in real time and view informative reports on them.

  1. Download and install ADAudit Plus.
  2. Find the steps to configure auditing on your Domain Controller here.

User's logon failures

Click on Details to open the Logon Failure Analyzer for that user. This shows the possible reasons the attempt failed.

View top logon failures for a custom time period, and view events that occur during business or non-business hours.

User's first and last logon

View logon activity during business or non-business hours.

Add trusted users to the "exclude user accounts" list to remove their data from the reports.

Unusual Volume of Logon Failure

See the unusual time period and the associated volume of logons.

To view more information on each anomalous activity, click on Details.

ADAudit Plus helps monitor and report on users' logon activity with ease.
