• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 81
  • Last Modified:

Finding LDAP queries targetting an OU

Hello All,

We have a large organization with a messy Active Directory structure.
One thing that's a huge thorn in my side is that all the users are in the default users' container. This is something I've inherited, and have been trying to fix for a while (few months) now.
We'd like to rearrange our Active Directory structure a bit, but don't know what will break if we start moving users and OUs around.

I'm looking for a tool or way to find out what LDAP queries are targeting an OU, and if possible, where it comes from. In other words, the source of LDAP queries that targets specific OUs.

Any help and/or advice would be highly appreciated.
Thank you.

Ampletrix
0
Ampletrix
Asked:
Ampletrix
  • 3
  • 2
1 Solution
 
Chris DentPowerShell DeveloperCommented:
You can turn on field engineering diagnostic control and have it log LDAP queries issued against a DC.

However, it will generate a vast number of logs because *everything* makes LDAP queries, it's a big mess to sort through.

If you have a busy DC this is not at all advisable and even then perhaps only for extremely short intervals. Bit of a needle in a haystack problem I'm afraid.

Anyway, this is the how:

http://support.microsoft.com/kb/314980

You'd create a Reg DWORD 15 (Field Engineering) and set it's value to 4 (Verbose).

That leaves you with the problem of picking the exceptional requests you want out of the normal operational noise. It's a hard one to tackle unfortunately.

Chris
0
 
Chris DentPowerShell DeveloperCommented:
Apologies, slight error. The logging level would need to be set to 5 (not 4). It also needs Expensive Searches defining (the defaults lowering) to capture everything.

That's better described here:

https://msdn.microsoft.com/en-us/library/ms808539.aspx?f=255&MSPPError=-2147217396#efficientadapps_topic04

You'd want to drop the Expensive and Inefficient thresholds right down to capture everything.

Chris
0
 
AmpletrixAuthor Commented:
Hi Chris,

Thanks for your help.
I'm going to have to create a change request for this. Good old ITIL processes...  ;-)
I'll let you know how it goes.

Cheers.
Ampletrix
0
 
Chris DentPowerShell DeveloperCommented:
Good luck :)
0
 
AmpletrixAuthor Commented:
It worked for me, after hours of going through events and noise in logs.
Thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now