
I am spoiled, and have been doing most of my LDAP work with eDirectory, which has a utility called DSTrace which is lovely, and for LDAP specifically, will show you all the bind attempts, the source IPs, the searches passed in, and a summary of the matched objects returned.

When debugging an LDAP application, like SAP GRC, I was trivially able to figure out what the application was doing wrong, just by watching what it did.

I know the Security Event log will have some of this information (bind attempts at least) but there has to be a better way? Is there any such functionality?

I see a question Debugging AD that is close, but only suggests login events. I need much more on a day to day basis to manage LDAP applications.

geoffc
  • Nothing specific included with Windows I'm afraid other than utilities to work with the instances such as ldp.exe, ADSI Edit and Schema Management but they aren't going to give you real-time "what's the app doing?" results you're after. Something like Quest's Spotlight on AD Pack might contain something akin to what you're talking about? Albeit not free! – Lewis Jun 13 '11 at 21:32
  • I'm dying for a good answer to this as well. I have a similar need to trace LDAP connections for a problem we're having. Unfortunately, the best thing I've been able to come up with is some sort of Wireshark/Netmon packet capture which is really ugly. – Ryan Bolger Jun 13 '11 at 21:35
  • Interesting article on the Directory Service Team blog about configuring Network Monitor for parsing LDAP: http://blogs.technet.com/b/askds/archive/2011/05/27/viewing-adlds-traffic-with-netmon-where-is-my-ldap.aspx – Lewis Jun 16 '11 at 10:31

3 Answers

For real time monitoring of LDAP, you might try the Sysinternals ADInsight tool.

shorinsean
  • Sean - just to let you know that you set off our 'spam alarm' as we get a lot of new accounts immediately linking to external sites. I took a look and it's obviously not spam but thought you should know for the future ok :) – Chopper3 Jun 15 '11 at 15:32
  • This looks very interesting, downloading to test. – geoffc Jun 15 '11 at 16:25
  • Thanks for the info. Presumably it won't be a problem in the future since my account's been created. – shorinsean Jun 15 '11 at 20:12
  • Seems that the tool doesn't work anymore, see here http://serverfault.com/questions/382665/are-there-alternatives-to-sysinternals-adinsight – Tilo Mar 04 '15 at 19:03

The Directory Service team blog has an article on configuring netmon to make LDAP more readable but it talks more specifically about ADLDS. It may suffice?

http://blogs.technet.com/b/askds/archive/2011/05/27/viewing-adlds-traffic-with-netmon-where-is-my-ldap.aspx

Basically packet capturing seems to be the "free" way of doing this.

-Lewis

Lewis

Have you looked at LDP (ldp.exe), or are you seeking something more for monitoring LDAP in real time?

http://support.microsoft.com/kb/224543

If you are looking for more real-time logging, you can crank up the event log verbosity with AD Diagnostic Logging:

http://technet.microsoft.com/en-us/library/cc961809.aspx

Ben Short
  • How would I use ldp.exe to monitor incoming binds, and queries, to troubleshoot a third party app? I will look at the diagnostic logging though. – geoffc Jun 14 '11 at 10:40
  • LDP can't be used for monitoring unfortunately, but is a rather verbose way of testing binds, queries, etc. for LDAP. You're better off upping the log level if you want to monitor the app in real time. – Ben Short Jun 16 '11 at 00:26
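As an added example (not code from any of the answers above), this PowerShell script applies the AD Diagnostic Logging approach Ben Short points at: on a domain controller it raises the NTDS diagnostic levels, waits while the LDAP application is exercised, pulls the search-summary events from the Directory Service log, and restores the original levels. The registry key and value names are the real NTDS ones; the 120-second window, the use of event 1644 and the `Client:`/`Filter:` labels matched by the regexes are assumptions to check against your own event text.

```powershell
# Run elevated on the domain controller the application binds to.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$Levels  = @{
    '16 LDAP Interface Events' = 2   # LDAP connection/bind activity
    '15 Field Engineering'     = 5   # per-search statistics (event 1644)
}
$CaptureSeconds = 120                # assumption: long enough to reproduce the app's behaviour

# Remember the current levels so they can be put back: verbose diagnostic
# logging is costly on a busy DC and should not be left enabled.
$Original = @{}
foreach ($name in $Levels.Keys) {
    $Original[$name] = (Get-ItemProperty -Path $DiagKey -Name $name).$name
    Set-ItemProperty -Path $DiagKey -Name $name -Value $Levels[$name] -Type DWord
}

try {
    $start = Get-Date
    Write-Host "Logging raised for $CaptureSeconds s; drive the LDAP application now."
    Start-Sleep -Seconds $CaptureSeconds

    # Event 1644 carries the client endpoint, base DN, filter and visited/returned
    # entry counts for a search. On Windows Server 2012 R2 and later, threshold
    # values under ...\NTDS\Parameters decide which searches are summarised, so
    # lower them if nothing appears here.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Directory Service'; Id = 1644; StartTime = $start
    } -ErrorAction SilentlyContinue

    $events | ForEach-Object {
        # Assumption: labels follow the 1644 message text; adjust if yours differ.
        $client = if ($_.Message -match 'Client:\s*(\S+)') { $Matches[1] } else { '?' }
        $filter = if ($_.Message -match 'Filter:\s*(.+)')  { $Matches[1].Trim() } else { '?' }
        [pscustomobject]@{ Time = $_.TimeCreated; Client = $client; Filter = $filter }
    } | Format-Table -AutoSize
}
finally {
    # Always revert, even if the capture was interrupted.
    foreach ($name in $Original.Keys) {
        Set-ItemProperty -Path $DiagKey -Name $name -Value $Original[$name] -Type DWord
    }
}
```

Bind events and other LDAP interface activity land in the same Directory Service log under other event IDs, so widen the `Id` filter once you know which ones your DC version emits.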