Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Finding LDAP queries targetting an OU

Posted on 2015-02-18
5
Medium Priority
?
77 Views
Last Modified: 2015-03-04
Hello All,

We have a large organization with a messy Active Directory structure.
One thing that's a huge thorn in my side is that all the users are in the default users' container. This is something I've inherited, and have been trying to fix for a while (few months) now.
We'd like to rearrange our Active Directory structure a bit, but don't know what will break if we start moving users and OUs around.

I'm looking for a tool or way to find out what LDAP queries are targeting an OU, and if possible, where it comes from. In other words, the source of LDAP queries that targets specific OUs.

Any help and/or advice would be highly appreciated.
Thank you.

Ampletrix
0
Comment
Question by:Ampletrix
  • 3
  • 2
5 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40619154
You can turn on field engineering diagnostic control and have it log LDAP queries issued against a DC.

However, it will generate a vast number of logs because *everything* makes LDAP queries, it's a big mess to sort through.

If you have a busy DC this is not at all advisable and even then perhaps only for extremely short intervals. Bit of a needle in a haystack problem I'm afraid.

Anyway, this is the how:

http://support.microsoft.com/kb/314980

You'd create a Reg DWORD 15 (Field Engineering) and set it's value to 4 (Verbose).

That leaves you with the problem of picking the exceptional requests you want out of the normal operational noise. It's a hard one to tackle unfortunately.

Chris
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 40619191
Apologies, slight error. The logging level would need to be set to 5 (not 4). It also needs Expensive Searches defining (the defaults lowering) to capture everything.

That's better described here:

https://msdn.microsoft.com/en-us/library/ms808539.aspx?f=255&MSPPError=-2147217396#efficientadapps_topic04

You'd want to drop the Expensive and Inefficient thresholds right down to capture everything.

Chris
0
 

Author Comment

by:Ampletrix
ID: 40620306
Hi Chris,

Thanks for your help.
I'm going to have to create a change request for this. Good old ITIL processes...  ;-)
I'll let you know how it goes.

Cheers.
Ampletrix
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40620700
Good luck :)
0
 

Author Closing Comment

by:Ampletrix
ID: 40646090
It worked for me, after hours of going through events and noise in logs.
Thank you.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question