• Status: Solved

Log LDAP queries

I would like to log all LDAP queries to a domain controller over a 24h period. What's the best approach? I'm looking for the content of the queries, not just the source.
1 Solution
You could use port mirroring and tools like Wireshark to monitor traffic on LDAP port 389.
This will only monitor the unencrypted traffic though. If your clients / software use LDAP over SSL you will see traffic on port 636 but won't be able to see the contents.

You should also read this:

and this:

and see if you can get ADS to log the queries in the Windows security logs.

Hope this helps.

Best regards,

miller3773 (Network Administrator) Commented:
Netmon from Microsoft will also work and you can isolate only LDAP traffic.
albatros99 (Author) Commented:
I ended up changing the following two keys:

"15 Field Engineering" set to 5 (default is 0)
Expensive Search Results Threshold:DWORD set to 1

The information ends up in the Directory Service Log.
Question has a verified solution.
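
The registry approach from the accepted comment, as an added PowerShell example that is not part of the original thread: it saves the current values, applies the two settings, exports the logged searches after the capture window, and restores the old values. The key paths under `NTDS\Diagnostics` and `NTDS\Parameters`, event ID 1644 and the function names are assumptions not stated in the thread.

```powershell
# Added example, not from the thread. Run elevated on the domain controller.
# Assumed locations of the two values named in the thread:
$diag   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$fe     = '15 Field Engineering'
$thresh = 'Expensive Search Results Threshold'

function Enable-LdapQueryLogging {
    # Remember the current settings so they can be put back after the capture.
    $old = [pscustomobject]@{
        FieldEngineering = (Get-ItemProperty -Path $diag -Name $fe).$fe
        Threshold        = (Get-ItemProperty -Path $params -Name $thresh -ErrorAction SilentlyContinue).$thresh
    }
    Set-ItemProperty -Path $diag   -Name $fe     -Value 5 -Type DWord
    Set-ItemProperty -Path $params -Name $thresh -Value 1 -Type DWord
    return $old
}

function Export-LdapQueryEvents {
    param([datetime]$Since, [string]$OutFile = '.\ldap-queries.csv')
    # Event 1644 (assumed ID) carries the client, base DN, filter and attributes of each search.
    Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1644; StartTime = $Since } |
        Select-Object TimeCreated, Message |
        Export-Csv -Path $OutFile -NoTypeInformation
}

function Restore-LdapQueryLogging {
    param($Old)
    Set-ItemProperty -Path $diag -Name $fe -Value $Old.FieldEngineering -Type DWord
    if ($null -eq $Old.Threshold) {
        # The value did not exist before, so remove it to return to the default.
        Remove-ItemProperty -Path $params -Name $thresh
    } else {
        Set-ItemProperty -Path $params -Name $thresh -Value $Old.Threshold -Type DWord
    }
}

# Typical sequence for a 24h capture:
#   $old = Enable-LdapQueryLogging; $start = Get-Date
#   ... wait 24 hours ...
#   Export-LdapQueryEvents -Since $start
#   Restore-LdapQueryLogging -Old $old
```

With the threshold at 1 the Directory Service log fills quickly, so check its maximum size before starting or older events will be overwritten before the export.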
