Solved

Finding LDAP queries targeting an OU

Posted on 2015-02-18
Last Modified: 2015-03-04
Hello All,

We have a large organization with a messy Active Directory structure.
One thing that's a huge thorn in my side is that all the users are in the default users' container. This is something I've inherited, and have been trying to fix for a while (a few months) now.
We'd like to rearrange our Active Directory structure a bit, but don't know what will break if we start moving users and OUs around.

I'm looking for a tool or way to find out what LDAP queries are targeting an OU, and if possible, where they come from. In other words, the source of LDAP queries that target specific OUs.

Any help and/or advice would be highly appreciated.
Thank you.

Ampletrix
Question by:Ampletrix

Expert Comment

by:Chris Dent
ID: 40619154
You can turn on field engineering diagnostic control and have it log LDAP queries issued against a DC.

However, it will generate a vast number of logs because *everything* makes LDAP queries; it's a big mess to sort through.

If you have a busy DC this is not at all advisable and even then perhaps only for extremely short intervals. Bit of a needle in a haystack problem I'm afraid.

Anyway, this is the how:

http://support.microsoft.com/kb/314980

You'd create a Reg DWORD 15 (Field Engineering) and set its value to 4 (Verbose).

That leaves you with the problem of picking the exceptional requests you want out of the normal operational noise. It's a hard one to tackle unfortunately.

Chris
0
 

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40619191
Apologies, slight error. The logging level would need to be set to 5 (not 4). It also needs Expensive Searches defining (the defaults lowering) to capture everything.

That's better described here:

https://msdn.microsoft.com/en-us/library/ms808539.aspx?f=255&MSPPError=-2147217396#efficientadapps_topic04

You'd want to drop the Expensive and Inefficient thresholds right down to capture everything.

Chris
0
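
The procedure from the two answers above as PowerShell, added here as an example and not posted by anyone in the thread. The registry value names, event ID 1644 and the label-per-line message layout are stated from general knowledge of AD diagnostic logging rather than from the thread; `$TargetDn`, the function names and the sample messages are constructed.

```powershell
# Added example, not from the thread. $TargetDn and the sample messages are placeholders.
$TargetDn = 'CN=Users,DC=example,DC=com'
$ntds     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'
function Set-LdapSearchLogging {
    # $true:  Field Engineering = 5 and both search thresholds lowered to 1.
    # $false: logging back to 0, threshold overrides removed (assumes none existed before).
    param([bool]$Enabled)
    $names = 'Expensive Search Results Threshold', 'Inefficient Search Results Threshold'
    if ($Enabled) {
        $names | ForEach-Object { Set-ItemProperty "$ntds\Parameters" -Name $_ -Value 1 -Type DWord }
        Set-ItemProperty "$ntds\Diagnostics" -Name '15 Field Engineering' -Value 5 -Type DWord
    } else {
        Set-ItemProperty "$ntds\Diagnostics" -Name '15 Field Engineering' -Value 0 -Type DWord
        $names | ForEach-Object { Remove-ItemProperty "$ntds\Parameters" -Name $_ -ErrorAction SilentlyContinue }
    }
}

function ConvertFrom-Event1644Message {
    # Assumed layout: a line like "Client:" names a field, the value is on the next line(s).
    param([string]$Message)
    $f = @{}; $label = $null
    foreach ($line in ($Message -split "`r?`n")) {
        $t = $line.Trim()
        if ($t -match '^([A-Za-z ]+):$') { $label = $Matches[1]; $f[$label] = '' }
        elseif ($label -and $t)          { $f[$label] = ("$($f[$label]) $t").Trim() }
    }
    [pscustomobject]@{
        Client = $f['Client'] -replace ':\d+$'   # drop the ephemeral source port
        Base   = $f['Starting node']
        Filter = $f['Filter']
    }
}

function Select-SearchesUnderDn {
    # Keep searches whose base is the container or below it; count them per client and filter.
    param([string[]]$Messages, [string]$Dn)
    $Messages | ForEach-Object { ConvertFrom-Event1644Message $_ } |
        Where-Object { $_.Base -eq $Dn -or "$($_.Base)".EndsWith(",$Dn", [StringComparison]::OrdinalIgnoreCase) } |
        Group-Object Client, Base, Filter | Sort-Object Count -Descending | Select-Object Count, Name
}

# Constructed sample messages (not real log data), so the triage can be tried off the DC.
$head   = "Internal event: A client issued a search operation with the following options.`n`n"
$sample = "${head}Client:`n10.0.0.21:49822`nStarting node:`nCN=Users,DC=example,DC=com`nFilter:`n (sAMAccountName=jdoe) ",
    "${head}Client:`n10.0.0.21:49830`nStarting node:`nCN=Users,DC=example,DC=com`nFilter:`n (sAMAccountName=jdoe) ",
    "${head}Client:`n10.0.0.40:50111`nStarting node:`nDC=example,DC=com`nFilter:`n (objectClass=computer) "
Select-SearchesUnderDn -Messages $sample -Dn $TargetDn
# Live use on the DC (event ID 1644, Directory Service log), between Set-LdapSearchLogging $true and $false:
#   $live = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1644 } | ForEach-Object Message
```

Searches based at the domain root with subtree scope also read objects in the container but are filtered out here, since moving the container does not change their base DN.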
 

Author Comment

by:Ampletrix
ID: 40620306
Hi Chris,

Thanks for your help.
I'm going to have to create a change request for this. Good old ITIL processes...  ;-)
I'll let you know how it goes.

Cheers.
Ampletrix
0
 

Expert Comment

by:Chris Dent
ID: 40620700
Good luck :)
0
 

Author Closing Comment

by:Ampletrix
ID: 40646090
It worked for me, after hours of going through events and noise in logs.
Thank you.
0
