Solved

Finding LDAP queries targeting an OU

Posted on 2015-02-18
Last Modified: 2015-03-04
Hello All,

We have a large organization with a messy Active Directory structure.
One thing that's a huge thorn in my side is that all the users are in the default users' container. This is something I've inherited, and have been trying to fix for a while (a few months) now.
We'd like to rearrange our Active Directory structure a bit, but don't know what will break if we start moving users and OUs around.

I'm looking for a tool or way to find out what LDAP queries are targeting an OU, and if possible, where they come from. In other words, the source of LDAP queries that target specific OUs.

Any help and/or advice would be highly appreciated.
Thank you.

Ampletrix
Question by:Ampletrix
5 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40619154
You can turn on field engineering diagnostic control and have it log LDAP queries issued against a DC.

However, it will generate a vast number of logs because *everything* makes LDAP queries; it's a big mess to sort through.

If you have a busy DC this is not at all advisable and even then perhaps only for extremely short intervals. Bit of a needle in a haystack problem I'm afraid.

Anyway, this is the how:

http://support.microsoft.com/kb/314980

You'd create a Reg DWORD 15 (Field Engineering) and set its value to 4 (Verbose).

That leaves you with the problem of picking the exceptional requests you want out of the normal operational noise. It's a hard one to tackle unfortunately.

Chris
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40619191
Apologies, slight error. The logging level would need to be set to 5 (not 4). It also needs Expensive Searches defining (the defaults lowering) to capture everything.

That's better described here:

https://msdn.microsoft.com/en-us/library/ms808539.aspx?f=255&MSPPError=-2147217396#efficientadapps_topic04

You'd want to drop the Expensive and Inefficient thresholds right down to capture everything.

Chris
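
Once this logging is on, the sifting described in the thread can be scripted. The following is an added example, not part of the original answer: it keeps only logged searches whose starting node is at or below one container and groups them by client address. It assumes the events (ID 1644 in the Directory Service log) were exported as message text with `Client:`, `Starting node:` and `Filter:` labels; `TARGET`, the addresses and the sample events are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Placeholder DN for the container being emptied (assumption, not from the thread).
TARGET = "CN=Users,DC=example,DC=com"

# Assumption: each logged search (Directory Service event 1644) has been exported
# as message text with "Client:", "Starting node:" and "Filter:" labels.
FIELD = re.compile(r"^[ \t]*(Client|Starting node|Filter):[ \t]*\r?\n?[ \t]*(.*)$", re.M)

def make_event(client, base, ldap_filter):
    """Build a constructed sample message in the assumed layout."""
    return ("Internal event: A client issued a search operation.\n\n"
            f"Client:\n{client}\nStarting node:\n{base}\n"
            f"Filter:\n {ldap_filter} \nSearch scope:\nsubtree\n")

SAMPLE_EVENTS = [  # constructed data
    make_event("10.0.0.5:49152", "CN=Users,DC=example,DC=com", "(sAMAccountName=jdoe)"),
    make_event("10.0.0.5:49153", "cn=users, dc=example, dc=com", "(sAMAccountName=jdoe)"),
    make_event("10.0.0.7:51000", "CN=svc,CN=Users,DC=example,DC=com", "(objectClass=*)"),
    make_event("10.0.0.9:50211", "DC=example,DC=com", "(objectClass=user)"),
    make_event("10.0.0.8:52000", "OU=Servers,DC=example,DC=com", "(objectClass=computer)"),
]

def parse_event(message):
    """Return the labelled fields of one event message, keyed by lower-case label."""
    return {label.lower(): value.strip() for label, value in FIELD.findall(message)}

def rdns(dn):
    """Split a DN on unescaped commas and normalise case and spacing."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn) if part.strip()]

def is_at_or_below(base, container):
    """True when the search base is the container itself or an object inside it."""
    b, c = rdns(base), rdns(container)
    return len(b) >= len(c) and b[-len(c):] == c

def sources(messages, container):
    """Map client IP -> Counter of filters for searches rooted at or below container."""
    hits = defaultdict(Counter)
    for message in messages:
        event = parse_event(message)
        if is_at_or_below(event.get("starting node", ""), container):
            ip = event.get("client", "unknown").rsplit(":", 1)[0]
            hits[ip][event.get("filter", "")] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, filters in sorted(sources(SAMPLE_EVENTS, TARGET).items()):
        print(ip, dict(filters))
```

Searches rooted above the container, such as the domain root, are left out because a subtree search from there keeps returning the same users after a move within the domain.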
 

Author Comment

by:Ampletrix
ID: 40620306
Hi Chris,

Thanks for your help.
I'm going to have to create a change request for this. Good old ITIL processes...  ;-)
I'll let you know how it goes.

Cheers.
Ampletrix
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40620700
Good luck :)
 

Author Closing Comment

by:Ampletrix
ID: 40646090
It worked for me, after hours of going through events and noise in logs.
Thank you.
