How to audit LDAP queries
LDAP queries can be used to find objects that meet certain criteria in the AD database such as the list of disabled user accounts, users with empty email value, groups created within the last 30 days, and so on. Auditing LDAP queries can help system admins ensure that the directory is not compromised and can also provide handy information if an organization is running applications that frequently generate expensive or inefficient queries.
The following is a comparison between auditing LDAP queries using native auditing and ManageEngine's ADAudit Plus, a comprehensive real-time Active Directory auditing solution.