With TACACS/RADIUS Server, depends on the server.
With the router performing the authentication, you can use SNMP, syslog or just a normal show command:
Praetorian#sh aaa ?
attributes Show attributes supported by AAA subsystem
cache Show contents of AAA caches
method-lists Show method lists defined in the AAA subsystem
servers Show AAA Servers as seen by the AAA Server MIB
sessions Show AAA Sessions as seen by AAA Session MIB
user Show users active in the AAA subsystem
For all its faults, Windows Server is a decent RADIUS server.
Here's a link for the background:
*Personally*, I would use a RADIUS server, hence making user management easier from the point of security and it also facilitates auditing. Just my 2 pence.