Find / List LDAP / connections to Windows 2003 Domain Controller

My goal is to retire our old Windows 2003 DC however, we have a large number of network devices that could be communicating with this server.
So rather than switching it off and figuring out what has broken, can someone please tell me the best way to find all connections being made to the old DC? Presumably these would be just LDAP connections. I am not interested in DNS queries.
Thanks for your help.

Amit, IT Architect, commented:
That's a bit of a complicated task. First, what I do is change the Weight and Priority of the Domain Controller. This way, users and member servers stop using it as the first hop. Though it is still available, it will only be used if all other DCs are down.

How to do it:


Next, I enable Netlogon logging after applying the above settings, then review the logs for any traffic. If you still see traffic, 99% of the time someone has hardcoded the DC IP or name. Just run the command below:

nltest /dbflag:0x2080ffff

If you still want to drill down more, we can use perfmon to dissect the traffic to the DC. Here is one article I used to decommission one of my domains.

Note: try to keep the .etl size small, else it won't open with Excel.

Let me know, if that helps.
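The log-review step in the answer above is easy to automate. The PowerShell script below is an added example, not part of the thread: it reads the Netlogon debug log that `nltest /dbflag:0x2080ffff` produces and counts how often each client machine appears, so you end up with a list of devices that still talk to the old DC. The default log path is the standard one for Netlogon logging; the two line layouts the regexes match (SamLogon "from" lines and NO_CLIENT_SITE lines) are assumptions about the log format, and the embedded sample lines are constructed, not taken from a real server. The Weight/Priority change itself is not covered here.

```powershell
# Added example (not part of the thread): summarise which clients still appear in
# the Netlogon debug log after logging is enabled with  nltest /dbflag:0x2080ffff
# Default log path; the line layouts matched below are assumptions about Netlogon's format.
param(
    [string]$LogPath = "$env:windir\debug\netlogon.log",
    [switch]$UseSample
)

# Constructed sample lines in the shape Netlogon writes (not taken from a real server).
$sample = @'
05/14 09:12:33 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WS-FINANCE01 Entered
05/14 09:12:33 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WS-FINANCE01 Returns 0x0
05/14 09:12:40 [LOGON] CONTOSO: NO_CLIENT_SITE: PRINTER-07 10.1.5.20
05/14 09:13:02 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\svc-backup from NAS-01 Entered
05/14 09:13:02 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\svc-backup from NAS-01 Returns 0x0
05/14 09:13:05 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WS-FINANCE01 Entered
'@

function Get-NetlogonClients {
    param([string[]]$Lines)
    $clients = @{}
    foreach ($line in $Lines) {
        $key = $null
        # A logon request names the calling machine after "from"; count only the "Entered" line
        # so that the matching "Returns" line does not double the count.
        if ($line -match 'Network logon of (?<acct>\S+) from (?<host>\S+) Entered') {
            $key = $Matches['host']
        }
        # NO_CLIENT_SITE records carry the name and IP of a client that maps to no AD site;
        # these are often the network devices with a hardcoded DC address.
        elseif ($line -match 'NO_CLIENT_SITE: (?<host>\S+) (?<ip>\d{1,3}(\.\d{1,3}){3})') {
            $key = '{0} ({1})' -f $Matches['host'], $Matches['ip']
        }
        if ($key) {
            if (-not $clients.ContainsKey($key)) { $clients[$key] = 0 }
            $clients[$key]++
        }
    }
    $clients.GetEnumerator() |
        Sort-Object Value -Descending |
        Select-Object @{n='Client'; e={$_.Key}}, @{n='Requests'; e={$_.Value}}
}

# Fall back to the constructed sample when run off the DC or with -UseSample.
$lines = if ($UseSample -or -not (Test-Path $LogPath)) { $sample -split "`r?`n" } else { Get-Content $LogPath }
Get-NetlogonClients $lines | Format-Table -AutoSize
```

On the sample input this reports WS-FINANCE01 with 2 requests and NAS-01 and PRINTER-07 (10.1.5.20) with 1 each. Run it on the old DC after the log has collected for a few days; anything in the list that is not another DC or a domain member that would pick a different DC after the weight change is a candidate for reconfiguration before the server is switched off.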
Dirk Kotte, SE, commented:
I would use Wireshark: capture traffic for some time and look for LDAP(S) and other needed services.
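A packet capture is the most complete view, but a quick first pass can be taken from the DC itself. The PowerShell snippet below is an added example (not Dirk's or the thread's code) that parses `netstat -ano` output, which exists on Windows 2003 where `Get-NetTCPConnection` does not, and groups the established sessions on the directory ports by remote client. The port-to-service map is an assumption about which services a dependent device typically uses, and the sample table is constructed. Two caveats: this is a point-in-time snapshot rather than a capture, and it only sees TCP, so UDP traffic such as LDAP pings and Kerberos over UDP is invisible to it.

```powershell
# Added example (not part of the thread): list remote hosts with established TCP
# sessions to this DC's directory ports, parsed from "netstat -ano" (works on 2003).
# The port map is an assumption; extend it if your devices use other services.
$ports = @{ 389='LDAP'; 636='LDAPS'; 3268='GC'; 3269='GC-SSL'; 88='Kerberos'; 445='SMB' }

# Constructed sample in the netstat -ano layout (not real data); pass -Live for the real table.
param([switch]$Live)
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.1.1.5:389           10.1.5.20:49212        ESTABLISHED     412
  TCP    10.1.1.5:389           10.1.5.21:50001        ESTABLISHED     412
  TCP    10.1.1.5:636           10.1.7.9:33000         ESTABLISHED     412
  TCP    10.1.1.5:3268          10.1.5.20:49300        ESTABLISHED     412
  TCP    10.1.1.5:135           10.1.5.30:49400        ESTABLISHED     900
'@

function Get-DirectoryClients {
    param([string[]]$Lines)
    # One record per established session on a port we care about
    $hits = foreach ($line in $Lines) {
        if ($line -match '^\s*TCP\s+[\d.]+:(?<lport>\d+)\s+(?<rip>[\d.]+):\d+\s+ESTABLISHED') {
            $lport = [int]$Matches['lport']
            if ($ports.ContainsKey($lport)) {
                New-Object PSObject -Property @{ Client = $Matches['rip']; Service = $ports[$lport] }
            }
        }
    }
    # Collapse to one row per client with the set of services it is using
    $hits | Group-Object Client | ForEach-Object {
        New-Object PSObject -Property @{
            Client   = $_.Name
            Sessions = $_.Count
            Services = ($_.Group | ForEach-Object { $_.Service } | Sort-Object -Unique) -join ','
        }
    } | Sort-Object Sessions -Descending
}

$lines = if ($Live) { netstat -ano } else { $sample -split "`r?`n" }
Get-DirectoryClients $lines | Format-Table Client, Sessions, Services -AutoSize
```

On the sample this shows 10.1.5.20 with 2 sessions (GC,LDAP), and 10.1.5.21 and 10.1.7.9 with one each; the RPC session on port 135 is ignored because it is not in the map. Run it a few times across a working day and collect the union of clients, then confirm anything surprising with the Wireshark capture.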

btan, Exec Consultant, commented:
The tracking of LDAP can be done (normally) by Server Performance Advisor (SPA) for Windows 2003 or Data Collector Sets.
Specifically, set performance counters on the server, run the collection and check the report for LDAP queries.
But do note, such logs can grow very fast for a heavily used AD: a 5-minute trace grew to ~100MB, so maybe consider 15 min at most and monitor that the log folder location does not hit the CPU too hard. See example:
LDAP requests. There's one more anomaly we should investigate. In the Summary section of Figure 1, if you click the Top Client hotlink, SPA displays the Clients with the Most CPU Usage subsection of the LDAP Request section of the report. Sure enough, the client at is the prime offender.

When you expand the entry for that IP address, SPA displays a summary of the operations the client performed and the percentage of CPU resources each operation consumed.

Or a tool from Sysinternals for LDAP real-time monitoring, such as ADInsight:
real-time monitoring tool aimed at troubleshooting Active Directory client applications. Use its detailed tracing of Active Directory client-server communications to solve Windows authentication, Exchange, DNS, and other problems.
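To keep the collection bounded, as the answer above recommends, the PowerShell script below is an added example (not btan's or the thread's code) that creates a Performance Monitor counter collection with `logman` that stops itself after 15 minutes and caps the file at 100 MB, then summarises the resulting CSV. The three `\NTDS\...` counter names are real counters on a domain controller; the collector name, output path, the limits and the sample CSV are assumptions, and the script assumes PowerShell 2.0 or later is installed on the server. One caveat to keep in mind: these counters give load totals, not client identities, so use them to size and time the cut-over and rely on the SPA report, ADInsight or Netlogon logging to find out who is connecting.

```powershell
# Added example (not part of the thread): a bounded Performance Monitor collection of
# LDAP load on the old DC, plus a summary of the CSV it writes. Counter names are the
# real NTDS counters; collector name, path, limits and the sample CSV are assumptions.
$name = 'LdapDecom'
$out  = 'C:\PerfLogs\LdapDecom'

function Start-LdapCollection {
    New-Item -ItemType Directory -Path $out -Force | Out-Null
    # -si 15: sample every 15 s; -rf 00:15:00: stop after 15 min; -max 100: cap the file at 100 MB
    logman create counter $name -c '\NTDS\LDAP Client Sessions' '\NTDS\LDAP Searches/sec' '\NTDS\LDAP Successful Binds/sec' -si 15 -f csv -o "$out\ldap" -rf 00:15:00 -max 100
    logman start $name
}

# Constructed sample in the PDH CSV layout that logman writes (not real data):
# first column is the timestamp, the rest are the counters in the order requested.
$sampleCsv = @'
"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\OLDDC\NTDS\LDAP Client Sessions","\\OLDDC\NTDS\LDAP Searches/sec"
"05/14/2015 09:00:15.000","12","3.5"
"05/14/2015 09:00:30.000","14","7.25"
"05/14/2015 09:00:45.000","9","1"
'@

function Get-LdapCounterSummary {
    param([string]$CsvText)
    $rows = $CsvText | ConvertFrom-Csv
    # Every column after the timestamp is a counter
    $columns = $rows[0].PSObject.Properties | Select-Object -Skip 1 -ExpandProperty Name
    foreach ($col in $columns) {
        $stats = $rows | ForEach-Object { [double]$_.$col } | Measure-Object -Average -Maximum
        New-Object PSObject -Property @{
            Counter = $col
            Average = [math]::Round($stats.Average, 2)
            Peak    = $stats.Maximum
        }
    }
}

# Summarise the constructed sample; for a real run call Start-LdapCollection, wait 15 min, then:
#   Get-LdapCounterSummary ((Get-Content "$out\ldap*.csv") -join "`n")
Get-LdapCounterSummary $sampleCsv | Format-Table Counter, Average, Peak -AutoSize
```

On the sample this reports an average of 11.67 client sessions with a peak of 14, and 3.92 searches/sec with a peak of 7.25. A client-session count that stays near zero across several 15-minute windows at different times of day is the signal you want before retiring the server; a non-zero count tells you to go back to the Netlogon log or a capture to identify the remaining clients.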

the_omnific, Author, commented:
Exactly as described.