Finding Evil LDAP Queries

Have you ever wondered what LDAP queries were hitting your domain controllers? Even outside of fun investigations, it can be insightful to get a sampling of queries hitting your domain controller. The more services you have integrated with Active Directory, the more likely a vendor or sysadmin unwittingly configured their service to produce evil queries.

Mark Morowczynski from Microsoft wrote a great post on finding these expensive, inefficient, or long running queries - But something was missing. Screen shots of regedit? If you have more than a handful of domain controllers, enabling and disabling this logging is going to be quite a chore.

Here's a quick bit on using PowerShell to enable and disable this logging quickly. Take a peek, you might find some misbehaving applications.

About the Author

Warren Frame

Profile photo of Warren Frame

Systems Engineer with a penchant for PowerShell, science, cooking, information security, family, cookies, and the Oxford comma.