Hi
I was looking for a bit of help.
I need to find where LDAP queries are coming from in our environment. In the past, application owners would hard copy a domain controller and a full DN path to query LDAP. We are collapsing our OU structure and I now need to know what queries are happening and where they are coming from. I would like to use PowerShell to find this information and create a report if possible. Any help would be great. I am not sure where to even start.
Find where LDAP queries are coming from
- jrremillard
Re: Find where LDAP queries are coming from
You need to enable AD auditing to track LDAP queries. Just audit reads of the root and all children.
This cannot be done with a script. It must be done either with a network analyzer or via auditing.
Once you have auditing enabled you can use a script to format the reports.
Post questions about AD auditing to the Directory Services Forum. They will assist in setting up your system.
- jrremillard
Re: Find where LDAP queries are coming from
Be careful, as enabling auditing blindly can have a negative effect on busy AD servers. You need to think about and understand how to do this safely. Normally we only audit changes and not reads. Reads can occur at a very high volume and rate. Audit only the objects that you are going to move or remove. Do not audit the containers.
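
One way to script the report once auditing is on, as an added example that is not part of the original thread: it joins directory read events (Security event 4662) to logon events (Security event 4624) by logon ID to recover the client address behind each read. The sample records are constructed, `Get-LdapReadReport` is a hypothetical helper name, and `ObjectDn` is a hypothetical field assumed to hold the audited object's distinguished name, resolved beforehand.

```powershell
# Constructed sample records (not from a real domain controller).
# $logons mimics the EventData of Security event 4624; $reads mimics event 4662.
# ObjectDn is an assumed, pre-resolved field; it is not a native 4662 field.
$logons = @(
    [pscustomobject]@{ TargetLogonId = '0x3e5a1'; IpAddress = '10.0.4.21' }
    [pscustomobject]@{ TargetLogonId = '0x41b07'; IpAddress = '10.0.9.130' }
)
$reads = @(
    [pscustomobject]@{ SubjectUserName = 'svc-hrapp'; SubjectLogonId = '0x3e5a1'; ObjectDn = 'OU=HR,OU=Sites,DC=example,DC=com' }
    [pscustomobject]@{ SubjectUserName = 'svc-hrapp'; SubjectLogonId = '0x3e5a1'; ObjectDn = 'OU=HR,OU=Sites,DC=example,DC=com' }
    [pscustomobject]@{ SubjectUserName = 'svc-print'; SubjectLogonId = '0x41b07'; ObjectDn = 'OU=Printers,OU=Sites,DC=example,DC=com' }
    [pscustomobject]@{ SubjectUserName = 'svc-old';   SubjectLogonId = '0x99999'; ObjectDn = 'OU=HR,OU=Sites,DC=example,DC=com' }
)

function Get-LdapReadReport {
    param(
        [Parameter(Mandatory)] [object[]] $Logons,
        [Parameter(Mandatory)] [object[]] $Reads
    )
    # Index logon sessions by logon ID so each read can be tied to a client address.
    $ipByLogonId = @{}
    foreach ($logon in $Logons) { $ipByLogonId[$logon.TargetLogonId] = $logon.IpAddress }

    $Reads | ForEach-Object {
        [pscustomobject]@{
            Account  = $_.SubjectUserName
            # A read whose logon event is missing from the input has no known source.
            SourceIp = if ($ipByLogonId.ContainsKey($_.SubjectLogonId)) { $ipByLogonId[$_.SubjectLogonId] } else { 'unknown' }
            ObjectDn = $_.ObjectDn
        }
    } | Group-Object Account, SourceIp, ObjectDn | ForEach-Object {
        # One report row per account / source address / object, with a read count.
        [pscustomobject]@{
            Account  = $_.Group[0].Account
            SourceIp = $_.Group[0].SourceIp
            ObjectDn = $_.Group[0].ObjectDn
            Reads    = $_.Count
        }
    } | Sort-Object Reads -Descending
}

Get-LdapReadReport -Logons $logons -Reads $reads | Format-Table -AutoSize
```

On a domain controller the two inputs would be built from `Get-WinEvent` over the Security log, and the result can be piped to `Export-Csv` instead of `Format-Table` to produce the report file.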