
Ibrahim Al Battashi 0 Reputation points
2024-11-11T04:30:47.43+00:00

I am in the process of migrating my domain controllers to new IPs and since we have several applications that use LDAP for authentication, I must change the DC ip in the settings of those applications (JIRA , vmware , ...).

My question is: is there a solution to identify all the applications which use LDAP using a script?


1 answer

  1. Wesley Li 10,570 Reputation points
    2024-11-11T16:13:19.4633333+00:00

    Hello,

    Yes, you can use a PowerShell script to identify applications that use LDAP for authentication. Here's a basic approach to get you started:

    Enable LDAP Diagnostics Logging: First, you need to enable LDAP diagnostics logging on your domain controllers. This can be done using Group Policy or PowerShell. Here's how to enable it using PowerShell:

    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics" -Name "16 LDAP Interface Events" -Value 2

    Collect LDAP Logs: Once logging is enabled, you can collect the logs to identify which applications are making LDAP queries. Use the following PowerShell script to query the Event Log for LDAP connections:

    $Hours = 24
    $DCs = Get-ADDomainController -Filter *   # requires the ActiveDirectory module (RSAT)
    $InsecureLDAPBinds = @()

    foreach ($DC in $DCs) {
        # Get-WinEvent does not accept -LogName together with -FilterHashtable;
        # the log name has to be a key inside the hashtable.
        $Events = Get-WinEvent -ComputerName $DC.HostName -FilterHashtable @{LogName="Directory Service"; Id=2889; StartTime=(Get-Date).AddHours(-$Hours)} -ErrorAction SilentlyContinue | Select-Object -Property TimeCreated, Message
        $InsecureLDAPBinds += $Events
    }

    $InsecureLDAPBinds | Format-Table -AutoSize

    This script will gather LDAP bind events from the Directory Service event log on all domain controllers for the past 24 hours. You can adjust the $Hours variable to change the time frame.

    Analyze the Logs: Review the output to identify the source IP addresses or hostnames of the applications making LDAP queries. This will help you pinpoint which applications need their settings updated.

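A worked example added here, not part of Wesley Li's answer: it parses the event 2889 messages that the collection script returns, pulls out the client address, port and the identity that was bound, and groups by client so each application server shows up once with its bind count, identities and the DCs it talked to. That grouped list is what you need when deciding which application settings to change. One caveat worth keeping in mind: event 2889 is only written for simple binds over clear text and SASL binds without signing, so an application that binds over LDAPS or requests signing never appears in it; treat the result as a partial inventory and cross-check it against the applications' own LDAP settings. The function names, the sample messages and the host names below are this example's own assumptions, not anything from the page or from Windows.

```powershell
# Added example, not code from the original answer. Parses Directory Service event
# 2889 messages into client records and summarises which client addresses bind.
# Assumes "16 LDAP Interface Events" is already set to 2 on the DCs and that the
# caller can read the Directory Service log remotely (ActiveDirectory module installed).
# All function and variable names are this example's own.

function ConvertFrom-LdapBindMessage {
    param(
        [Parameter(Mandatory)] [string] $Message,
        [datetime] $TimeCreated = (Get-Date),
        [string] $DomainController = 'unknown'
    )
    # Event 2889 places each value on the line after its label; \s* absorbs CRLF or LF.
    $ipLine   = [regex]::Match($Message, 'Client IP address:\s*(\S+)').Groups[1].Value
    $identity = [regex]::Match($Message, 'authenticate as:\s*(.+?)\s*(?:\r?\n|$)').Groups[1].Value
    $bindType = [regex]::Match($Message, 'Binding Type:\s*(\d+)').Groups[1].Value
    if (-not $ipLine) { return $null }   # not a 2889-shaped message, skip it

    # The client is logged as IP:port (IPv6 as [addr]:port); split on the last colon.
    $sep      = $ipLine.LastIndexOf(':')
    $clientIp = if ($sep -gt 0) { $ipLine.Substring(0, $sep).Trim('[', ']') } else { $ipLine }
    $port     = if ($sep -gt 0) { [int]$ipLine.Substring($sep + 1) } else { $null }

    [pscustomobject]@{
        TimeCreated      = $TimeCreated
        DomainController = $DomainController
        ClientIp         = $clientIp
        ClientPort       = $port
        Identity         = $identity
        BindingType      = $bindType     # raw value from the event, not interpreted here
    }
}

function Get-LdapClientSummary {
    param([object[]] $BindRecords)
    # One row per client address: bind count, identities used, DCs hit, first/last seen.
    $BindRecords | Where-Object { $null -ne $_ } | Group-Object ClientIp | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeCreated)
        [pscustomobject]@{
            ClientIp   = $_.Name
            BindCount  = $_.Count
            Identities = (@($_.Group | ForEach-Object Identity) | Sort-Object -Unique) -join ', '
            DCs        = (@($_.Group | ForEach-Object DomainController) | Sort-Object -Unique) -join ', '
            FirstSeen  = $sorted[0].TimeCreated
            LastSeen   = $sorted[-1].TimeCreated
        }
    } | Sort-Object BindCount -Descending
}

function Get-LdapBindRecords {
    param([int] $Hours = 24)
    # Live path: pull 2889 events from every DC for the last $Hours hours and parse them.
    foreach ($dc in Get-ADDomainController -Filter *) {
        $filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = (Get-Date).AddHours(-$Hours) }
        Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction SilentlyContinue |
            ForEach-Object {
                ConvertFrom-LdapBindMessage -Message $_.Message -TimeCreated $_.TimeCreated -DomainController $dc.HostName
            }
    }
}

# Constructed sample messages in the documented layout of event 2889 (not captured from
# a real DC), so the parser and summary can be tried without touching a domain controller.
$preamble = "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.`r`n`r`n"
$sampleMessages = @(
    "${preamble}Client IP address:`r`n10.0.10.25:51234`r`nIdentity the client attempted to authenticate as:`r`nCONTOSO\svc-jira`r`nBinding Type:`r`n0",
    "${preamble}Client IP address:`r`n10.0.10.25:51240`r`nIdentity the client attempted to authenticate as:`r`nCONTOSO\svc-jira`r`nBinding Type:`r`n0",
    "${preamble}Client IP address:`r`n10.0.20.7:60001`r`nIdentity the client attempted to authenticate as:`r`nCONTOSO\svc-vcenter`r`nBinding Type:`r`n1",
    "${preamble}Client IP address:`r`n[fd00::1a]:40002`r`nIdentity the client attempted to authenticate as:`r`nCONTOSO\svc-wiki`r`nBinding Type:`r`n0"
)
$records = foreach ($m in $sampleMessages) { ConvertFrom-LdapBindMessage -Message $m -DomainController 'DC01' }
Get-LdapClientSummary -BindRecords $records | Format-Table -AutoSize

# Against real DCs, once the diagnostics value is set to 2 on each of them:
# Get-LdapClientSummary -BindRecords (Get-LdapBindRecords -Hours 24) | Export-Csv .\ldap-clients.csv -NoTypeInformation
```

With the constructed input the summary lists 10.0.10.25 with two binds as svc-jira, 10.0.20.7 once as svc-vcenter and fd00::1a once as svc-wiki. On real data, resolve each ClientIp to a host and compare it against the application list; a client that shows up here is definitely pointing at the DCs by their current address or name, but an application that is absent may simply be binding over LDAPS or with signing and still needs checking by hand.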
