?
Solved

Finding LDAP queries targetting an OU

Posted on 2015-02-18
5
Medium Priority
?
79 Views
Last Modified: 2015-03-04
Hello All,

We have a large organization with a messy Active Directory structure.
One thing that's a huge thorn in my side is that all the users are in the default users' container. This is something I've inherited, and have been trying to fix for a while (few months) now.
We'd like to rearrange our Active Directory structure a bit, but don't know what will break if we start moving users and OUs around.

I'm looking for a tool or way to find out what LDAP queries are targeting an OU, and if possible, where it comes from. In other words, the source of LDAP queries that targets specific OUs.

Any help and/or advice would be highly appreciated.
Thank you.

Ampletrix
0
Comment
Question by:Ampletrix
  • 3
  • 2
5 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40619154
You can turn on field engineering diagnostic control and have it log LDAP queries issued against a DC.

However, it will generate a vast number of logs because *everything* makes LDAP queries, it's a big mess to sort through.

If you have a busy DC this is not at all advisable and even then perhaps only for extremely short intervals. Bit of a needle in a haystack problem I'm afraid.

Anyway, this is the how:

http://support.microsoft.com/kb/314980

You'd create a Reg DWORD 15 (Field Engineering) and set it's value to 4 (Verbose).

That leaves you with the problem of picking the exceptional requests you want out of the normal operational noise. It's a hard one to tackle unfortunately.

Chris
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 40619191
Apologies, slight error. The logging level would need to be set to 5 (not 4). It also needs Expensive Searches defining (the defaults lowering) to capture everything.

That's better described here:

https://msdn.microsoft.com/en-us/library/ms808539.aspx?f=255&MSPPError=-2147217396#efficientadapps_topic04

You'd want to drop the Expensive and Inefficient thresholds right down to capture everything.

Chris
0
 

Author Comment

by:Ampletrix
ID: 40620306
Hi Chris,

Thanks for your help.
I'm going to have to create a change request for this. Good old ITIL processes...  ;-)
I'll let you know how it goes.

Cheers.
Ampletrix
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40620700
Good luck :)
0
 

Author Closing Comment

by:Ampletrix
ID: 40646090
It worked for me, after hours of going through events and noise in logs.
Thank you.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question