
Finding Evil LDAP Queries

Have you ever wondered what LDAP queries were hitting your domain controllers? Even outside of fun investigations, it can be insightful to get a sampling of queries hitting your domain controller. The more services you have integrated with Active Directory, the more likely a vendor or sysadmin unwittingly configured their service to produce evil queries.

Mark Morowczynski from Microsoft wrote a great post on finding these expensive, inefficient, or long-running queries, but something was missing. Screenshots of regedit? If you have more than a handful of domain controllers, enabling and disabling this logging is going to be quite a chore.

Here's a quick bit on using PowerShell to enable and disable this logging quickly. Take a peek; you might find some misbehaving applications.
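As an added example (not the author's script), this sketch toggles the NTDS Field Engineering diagnostics on every domain controller, samples for a while, then reads back the resulting event 1644 entries from the Directory Service log. The function name `Set-LdapQueryLogging`, the 10-minute window, and the use of PowerShell remoting with the ActiveDirectory module are assumptions; the threshold values shown are the documented defaults.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (not from the original post): enable or disable LDAP query logging.
function Set-LdapQueryLogging {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [switch]$Disable,
        # Documented defaults; lower them to sample more queries.
        [int]$ExpensiveResults   = 10000,  # entries visited
        [int]$InefficientResults = 1000,   # entries visited with under 10% returned
        [int]$SearchTimeMs       = 30000   # elapsed milliseconds
    )
    $thresholds = @{
        'Expensive Search Results Threshold'   = $ExpensiveResults
        'Inefficient Search Results Threshold' = $InefficientResults
        'Search Time Threshold (msecs)'        = $SearchTimeMs
    }
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Disable.IsPresent, $thresholds -ScriptBlock {
        param([bool]$Off, [hashtable]$Limits)
        $ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'
        # Level 5 logs qualifying searches as event 1644; 0 is the default (off).
        $level = if ($Off) { 0 } else { 5 }
        Set-ItemProperty -Path "$ntds\Diagnostics" -Name '15 Field Engineering' -Value $level -Type DWord
        foreach ($name in $Limits.Keys) {
            if ($Off) {
                # Remove overrides so the DC falls back to its built-in defaults.
                Remove-ItemProperty -Path "$ntds\Parameters" -Name $name -ErrorAction SilentlyContinue
            } else {
                Set-ItemProperty -Path "$ntds\Parameters" -Name $name -Value $Limits[$name] -Type DWord
            }
        }
        [pscustomobject]@{ DC = $env:COMPUTERNAME; FieldEngineering = $level }
    }
}

$dcs = (Get-ADDomainController -Filter *).HostName
Set-LdapQueryLogging -ComputerName $dcs
Start-Sleep -Seconds 600   # sampling window (assumed value)
Set-LdapQueryLogging -ComputerName $dcs -Disable

# Event 1644 records the client, search base, filter, and entries visited/returned.
foreach ($dc in $dcs) {
    Get-WinEvent -ComputerName $dc -MaxEvents 50 -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Directory Service'; Id = 1644
    } | Select-Object MachineName, TimeCreated, Message
}
```

Leaving the diagnostics level at 5 on a busy domain controller can flood the Directory Service log, so keep the sampling window short and confirm the disable step ran on every DC.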
