I just noticed that my DC (W2k3 R2 Enterprise SP2) is sending LDAP queries to an IP address that is assigned to a NAS device (snapserver). The snapserver is in another AD site and has Active Directory integration listed as a feature. I have no idea how it is configured since I have no access to it.
TCP SRC: 172.20.20.50:389 dest: 172.22.50.100:34252 TIME_WAIT 0
TCP SRC: 172.20.20.50:389 dest: 172.22.50.100:35846 ESTABLISHED 392
TCP SRC: 172.20.20.50:389 dest: 172.22.50.100:35847 ESTABLISHED 392
PID 392: lsass.exe
An example:
1858 47.661264 Src=172.20.20.50 Dest=172.22.50.100 LDAP searchResEntry(69) "CN=Harry Potter,OU=LaLaLand,OU=Space,,DC=company,DC=com"
All the queries run up to 2 GB of outgoing traffic over a couple of hours. How can I troubleshoot this further?