Find where LDAP queries are coming from

This topic is 9 years and 3 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

Find where LDAP queries are coming from

Post by jrremillard »

Hi

I was looking for a bit of help.
I need to find where LDAP queries are coming from in our environment. In the past, application owners would hard copy a domain controller and a full DN path to query LDAP. We are collapsing our OU structure and I now need to know what queries are happening and where they are coming from. I would like to use PowerShell to find this information and create a report if possible. Any help would be great. I am not sure where to even start.
Re: Find where LDAP queries are coming from

Post by jvierra »

You need to enable AD auditing to track LDAP queries. Just audit reads of the root and all children.

This cannot be done with a script. It must be done either with a network analyzer or via auditing.

Once you have auditing enabled you can use a script to format the reports.

Post questions about AD auditing to the Directory Services Forum. They will assist in setting up your system.
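
An added example, not part of the original posts: once read auditing is producing Security event 4662 (directory service access) on the domain controllers, this PowerShell summarizes which account read which object. The function names and the sample event are constructed for illustration; event 4662 carries the account and logon ID but no client address, so the source host comes from matching the logon ID to the 4624 logon event on the same DC.

```powershell
# Added example. Function names and the sample event below are constructed.
function ConvertFrom-DsAccessEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Flatten the <Data Name="..."> elements into a lookup table
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ObjectServer'] -ne 'DS') { return }   # directory service access only
        [pscustomobject]@{
            Time    = $evt.System.TimeCreated.SystemTime  # ISO 8601 UTC, sorts as text
            DC      = $evt.System.Computer
            Account = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            LogonId = $data['SubjectLogonId']
            Object  = $data['ObjectName']                 # may be logged as a GUID, not a DN
        }
    }
}

function Get-DsAccessSummary {
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$Record)
    begin   { $all = @() }
    process { $all += $Record }
    end {
        # One row per account/object pair: how often, when, and on which DCs
        $all | Group-Object Account, Object | ForEach-Object {
            $sorted = @($_.Group | Sort-Object Time)
            [pscustomobject]@{
                Account   = $sorted[0].Account
                Object    = $sorted[0].Object
                Reads     = $_.Count
                FirstSeen = $sorted[0].Time
                LastSeen  = $sorted[-1].Time
                DCs       = (@($_.Group | ForEach-Object DC) | Sort-Object -Unique) -join ';'
            }
        }
    }
}

# Constructed sample event so the functions can be tried offline
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4662</EventID>
<TimeCreated SystemTime="2015-01-12T14:03:22.000000000Z"/><Computer>DC01.example.test</Computer></System>
<EventData><Data Name="SubjectUserName">svc-app1</Data><Data Name="SubjectDomainName">EXAMPLE</Data>
<Data Name="SubjectLogonId">0x3e7a1</Data><Data Name="ObjectServer">DS</Data>
<Data Name="ObjectName">OU=Apps,DC=example,DC=test</Data></EventData></Event>
'@
$sample | ConvertFrom-DsAccessEventXml | Get-DsAccessSummary | Format-Table -AutoSize
# Live use on a DC: Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4662} |
#   ForEach-Object { $_.ToXml() } | ConvertFrom-DsAccessEventXml | Get-DsAccessSummary
```

Pipe the summary to `Export-Csv` instead of `Format-Table` to keep it as a report.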
Re: Find where LDAP queries are coming from

Post by jrremillard »

Thank you for the info.
Re: Find where LDAP queries are coming from

Post by jvierra »

Be careful as enabling auditing blindly can have a negative effect on busy AD servers. You need to think about and understand how to do this safely. Normally we only audit changes and not reads. Reads can occur at a very high volume and rate. Audit only the objects that you are going to move or remove. Do not audit the containers.