On DC with IP address 192.168.0.123:
wevtutil sl Microsoft-Windows-NTLM/Operational /e:true
wevtutil qe Microsoft-Windows-NTLM/Operational /q:"*[System[(EventID=8004 or EventID=8005)]]" /f:text
net share
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
NETLOGON     C:\Windows\SYSVOL\sysvol\my.local\SCRIPTS
                                             Logon server share
SYSVOL       C:\Windows\SYSVOL\sysvol        Logon server share
The command completed successfully.
