Event ID 1644: LDAP searches.
|Description||This event logs an entry for each LDAP search made by a client against the directory that breaches the inexpensive and/or inefficient search thresholds. It will only be logged if you set the Field Engineering reg key to 5 or higher.|
The event logs the following information:
- Starting node
- Search scope
- Attribute selection
- sAM Account name
- Server controls
- Visited entries
- Returned entries
Reasons to monitor this event:
It can provide useful information if you are running applications that regularly generate expensive or inefficient queries.
- ADAudit Plus collects all the logs that record this event and present it in the form of a report.
- These reports are generated in real time and represent every LDAP search made, with details about who made it, and from which domain controller.
- These reports can also be included in alert profiles to notify the administrators when an LDAP search is made.
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools