Elmar N.

Reputation: 1

Active Directory lightweight services missing some eventlog entries

I use an ADLDS instance and have enabled "15 Field Engineering" via registry to enable debug logging in event log for LDAP queries made by clients.

So far all works great. I have created an OU on the ADLDS server, created a user and gave him read access to query entries within this OU. As expected, the event log created an entry with event ID 1644 with all information.

Now I have created a second separate OU with a new separate user with read access to the new OU.

When doing LDAP queries with this user in the new OU, the eventlog is missing the event.

So far I checked the attributes on the user and OU to see if there is a flag for logging, but can't see one.

I have disabled and re-enabled the registry keys, restarted the server to get it working.

Is there some other option I need to activate so that it works? Though I can't remember doing something special when creating the first user / OU.

Upvotes: 0

Views: 193

Answers (1)

Elmar N.

Reputation: 1

After a while I came across two additional parameters to be set:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_<Instance>\Parameters

There, add two additional DWORDs and set them to 1:

"Expensive Search Results Threshold"
"Inefficient Search Results Threshold"

Restart the service and any query will be in the event log.

Upvotes: 0
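The registry change from the answer above as a PowerShell script, added here as an example and not part of the original post. It assumes "15 Field Engineering" is already enabled as described in the question; the instance name `instance1` and the event log name `ADAM (<Instance>)` are assumptions to adjust for your server.

```powershell
# Added example, not from the original post. Run elevated on the AD LDS server.
param(
    [string]$Instance  = 'instance1',   # assumption: placeholder instance name
    [int]   $Threshold = 1              # value given in the answer
)

$service = "ADAM_$Instance"
$params  = "HKLM:\SYSTEM\CurrentControlSet\Services\$service\Parameters"

if (-not (Test-Path $params)) {
    throw "Registry key not found: $params (check the instance name)"
}

# The two DWORD values named in the answer.
$names = 'Expensive Search Results Threshold',
         'Inefficient Search Results Threshold'

foreach ($name in $names) {
    # Show the previous value so it can be restored after troubleshooting.
    $old = (Get-ItemProperty -Path $params -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $old) { $old = '<not set>' }
    Write-Host "$name : $old -> $Threshold"

    New-ItemProperty -Path $params -Name $name -PropertyType DWord `
                     -Value $Threshold -Force | Out-Null
}

# The answer states the service must be restarted for the values to apply.
Restart-Service -Name $service

# After running a test LDAP query, list the most recent 1644 events.
# Assumption: the instance writes to a log named "ADAM (<Instance>)".
try {
    Get-WinEvent -FilterHashtable @{ LogName = "ADAM ($Instance)"; Id = 1644 } `
                 -MaxEvents 5 -ErrorAction Stop |
        Select-Object TimeCreated, Id, Message |
        Format-List
}
catch {
    Write-Warning "No 1644 events read from 'ADAM ($Instance)': $($_.Exception.Message)"
}
```

With both thresholds at 1 every search is logged, so the event log fills quickly on a busy instance. Use the previous values printed by the script to put the settings back once the queries of interest have been captured.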
