Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

With Native AD Auditing

  • Enable LDAP auditing Open Registry Editor. Go to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> NTDS -> Diagnostics. Note: Set '15 Field Engineering' to '5'. This enables Expensive and Inefficient LDAP calls to be logged in Event Viewer.
  • View the logs Go to Event Viewer -> Filter Security log to locate the event IDs 1643 (to identify the expensive and inefficient LDAP logs) and 1644 (to identify the recent LDAP queries).
The details shown in Event Viewer are:
  • Username
  • Time of the event
  • LDAP query search root
  • LDAP query

Here are some of the limitations to generate a report of LDAP queries in Active Directory using native auditing:

  • It's difficult to generate the report for different time zones and date formats.
  • With ADAudit Plus, it is easy to obtain a report of LDAP searches in Active Directory in just a few clicks. The details like who made the search, and from which domain controller, are displayed in a simple and intuitively designed UI. This report can also be included in alert profiles to notify the IT administrators when an LDAP search is made.

With ADAudit Plus

  • Login to ADAudit Plus web console as an administrator.
  • Navigate to the Server Audit tab and from the LDAP Auditing section in the left pane, select (i) Number of LDAP queries and (ii) Recent LDAP Queries reports. You can generate the results for the time period of your choice.
  • Select the domain and click Generate.
  • Select Export Asto export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).

This report displays the LDAP logs that are expensive and inefficient.

This report displays the LDAP queries made within a specific time period.

  image of  

x

ADAudit Plus Trusted By