14

I am spoiled, and have been doing most of my LDAP work with eDirectory, which has a utility called DSTrace which is lovely, and for LDAP specifically, will show you all the bind attempts, the source IPs, the searches passed in, and a summary of the matched objects returned.

When debugging an LDAP application, like SAP GRC, I was trivially able to figure out what the application was doing wrong, just by watching what it did.

I know the Security Event log will have some of this information (bind attempts at least) but there has to be a better way? Is there any such functionality?

I see a question Debugging AD that is close, but only suggests login events. I need much more on a day to day basis to manage LDAP applications.

geoffc

3 Answers

7

For real time monitoring of LDAP, you might try the Sysinternals ADInsight tool.

jscott
shorinsean

3

The Directory Service team blog has an article on configuring netmon to make LDAP more readable but it talks more specifically about ADLDS. It may suffice?

http://blogs.technet.com/b/askds/archive/2011/05/27/viewing-adlds-traffic-with-netmon-where-is-my-ldap.aspx

Basically packet capturing seems to be the "free" way of doing this.

-Lewis

Lewis

2

Have you looked at LDP (ldp.exe), or are you seeking something more for monitoring LDAP in real time?

http://support.microsoft.com/kb/224543

If you are looking for more real-time logging, you can crank up the event log verbosity with AD Diagnostic Logging:

http://technet.microsoft.com/en-us/library/cc961809.aspx

Ben Short