How does the system log unauthorized access attempts?

Logged in Active Directory.

How does the system log unauthorized access attempts?