Event ID 1644: LDAP searches.
|Description||This event logs an entry for each LDAP search made by a client against the directory that breaches the inexpensive and/or inefficient search thresholds. It will only be logged if you set the Field Engineering reg key to 5 or higher.|
The event logs the following information:
- Starting node
- Search scope
- Attribute selection
- sAM Account name
- Server controls
- Visited entries
- Returned entries
Reasons to monitor this event:
It can provide useful information if you are running applications that regularly generate expensive or inefficient queries.
- ADAudit Plus collects all the logs that record this event and present it in the form of a report.
- These reports are generated in real time and represent every LDAP search made, with details about who made it, and from which domain controller.
- These reports can also be included in alert profiles to notify the administrators when an LDAP search is made.