Who is talking to my Domain Controller
Posted on 2015-02-13
I do not control my entire environment, and it is very possible that someone has setup an application to query my DC's (This specific DC by name, yes yes I know, bad practice) LDAP for authentication and Authorization. Now I need to rebuild my DC. I need to know what other computers out there are using this DC. I would really like your thoughts.
netstat -aon, and evaluate all the IP's found
Event logs (which ones?)
Windows Firewall logs (currently off, other protections in place)