<div>
Netmon from Microsoft will also work and you can isolate only LDAP traffic.
</div>


<div>
I ended up changing the following two keys:<br />
<br />
HKLM\System\CurrentControl<wbr />Set\Servic<wbr />es\NTDS\Di<wbr />agnostics<br />
&quot;15 Field Engineering&quot; set to 5 (default is 0)<br />
&nbsp;<br />
HKLM\System\CurrentControl<wbr />Set\Servic<wbr />es\NTDS\Pa<wbr />rameters\ <br />
Expensive Search Results Threshold:DWORD set to 1 <br />
<br />
The information ends up in the Directory Service Log.
</div>


<div>
<div class="content wysiwyg-content">
I would like to log all LDAP queries to a domain controller over a 24h period. What's the best approach? I'm looking for the content of the queries, not just the source.
</div>
</div>


I would like to log all LDAP queries to a domain controller over a 24h period. What's the best approach? I'm looking for the content of the queries, not just the source.

Log LDAP queries

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.