With Native AD Auditing
With ADAudit Plus
Login to ADAudit Plus web console as an administrator.
Navigate to the Server Audit tab and from the LDAP Auditing section in the left pane, select (i) Number of LDAP queries and (ii) Recent LDAP Queries reports. You can generate the results for the time period of your choice.
Select the domain and click Generate.
Select Export As to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).
This report displays the LDAP logs that are expensive and inefficient.
This report displays the LDAP queries made within a specific time period.
Enable LDAP auditing Open Registry Editor. Go to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> NTDS -> Diagnostics. Note: Set '15 Field Engineering' to '5'. This enables Expensive and Inefficient LDAP calls to be logged in Event Viewer.
View the logs Go to Event Viewer -> Filter Security log to locate the event IDs 1643 (to identify the expensive and inefficient LDAP logs) and 1644 (to identify the recent LDAP queries).
The details shown in Event Viewer are:
Time of the event
LDAP query search root
Native auditing becoming a little too much?
Simplify Active Directory auditing and reporting with ADAudit Plus.Get Your Free Trial Fully functional 30-day trial
Here are some of the limitations to generate a report of LDAP queries in Active Directory using native auditing:
- Here are some of the limitations to generate a report of LDAP queries in Active Directory using native auditing:
- It's difficult to generate the report for different time zones and date formats.
With ADAudit Plus, it is easy to obtain a report of LDAP searches in Active Directory in just a few clicks. The details like who made the search, and from which domain controller, are displayed in a simple and intuitively designed UI. This report can also be included in alert profiles to notify the IT administrators when an LDAP search is made.