PENDING LDAP Queries in SCCM Setup

[Nav4339]

I am busy with a project were I need to restructure my current AD and decommission 2 Domain Controllers. This involves creating new OUs and moving user accounts/service accounts and groups to different OUs as well.

Is it possible to run a PS command, or any type of report to determine if any applications are using those particular DC's for LDAP queries, and also which accounts and groups are also being used? We have 100s of applications and no documentation for the setup on them. If I can get a report of which IP is talking to the DC for LDAP a query, I can use that to match my application so narrow down and get the application updated to use the new DC. I can also do the same for the accounts as well.

 

[Sam Banford]

You could try enabling items 8 and/or 16 suggested here:

https://support.microsoft.com/en-us/help/314980/how-to-configure-active-directory-and-lds-diagnostic-event-logging

Otherwise you'll need to capture and parse security eventId 4624 on your DCs and look for items that list the DC itself as the "workstation", mentioned here:

Log LDAP access of the Active directory

I am looking for a method to log ldap access of a Active Directory domain controller. I want to be able to log the username and source IP address access to both 389, and 636(encrypted). A simple ...

serverfault.com