How to trace and debug LDAP connections against Active Directory?

Accustomed to operating traditional directory servers (OpenDJ, OpenLDAP, DSEE, …) and their tools, Janua’s consultants are a little frustrated when working on identity management projects involving AD. Below are a few links and tips to help you understand what is going on on the AD side:

First of all, take a look at LDP (ldp.exe):

If you are looking for more real-time logging, you can crank up the event log verbosity with AD Diagnostic Logging:

https://technet.microsoft.com/en-us/library/cc961809.aspx
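
As an added example (not from the original article or the linked Microsoft page), the PowerShell below raises the `16 LDAP Interface Events` diagnostic level on a domain controller, prints the Directory Service events logged while you reproduce the problem, then restores the previous level. The helper name `Set-LdapDiagLevel`, the level of 2 and the two-minute window are assumptions to adjust.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# Diagnostic levels range from 0 (none) to 5 (most verbose); changes apply without a restart.
$diagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$valueName = '16 LDAP Interface Events'

# Hypothetical helper: sets the level and returns the previous one for later restore.
function Set-LdapDiagLevel {
    param([ValidateRange(0, 5)][int]$Level)
    $previous = (Get-ItemProperty -Path $diagKey -Name $valueName).$valueName
    Set-ItemProperty -Path $diagKey -Name $valueName -Value $Level -Type DWord
    return $previous
}

$started  = Get-Date
$previous = Set-LdapDiagLevel -Level 2
try {
    # Assumed observation window: reproduce the failing client connection now.
    Start-Sleep -Seconds 120

    # At level 2 and above the DC also logs event 2889 for each simple bind
    # without TLS or unsigned SASL bind, naming the client IP and the account.
    Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; StartTime = $started } `
                 -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Format-List TimeCreated, Id, LevelDisplayName, Message
}
finally {
    # Higher levels are noisy and grow the log quickly; always restore the original value.
    Set-LdapDiagLevel -Level $previous | Out-Null
}
```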

For real-time monitoring of LDAP, you might try:

Sysinternals ADInsight tool

Basically, packet capture seems to be the “free” way of doing this. The Directory Service team blog has an article on configuring netmon to make LDAP more readable, but it talks more specifically about ADLDS:

https://blogs.technet.com/b/askds/archive/2011/05/27/viewing-adlds-traffic-with-netmon-where-is-my-ldap.aspx

janua