Hello,
Yes, you can use a PowerShell script to identify applications that use LDAP for authentication. Here's a basic approach to get you started:
Enable LDAP Diagnostics Logging: First, you need to enable LDAP diagnostics logging on your domain controllers. This can be done using Group Policy or PowerShell. Here's how to enable it using PowerShell:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics" -Name "16 LDAP Interface Events" -Value 2
Collect LDAP Logs: Once logging is enabled, you can collect the logs to identify which applications are making LDAP queries. Use the following PowerShell script to query the Event Log for LDAP connections:
$Hours = 24
$DCs = Get-ADDomainController -Filter *
$InsecureLDAPBinds = @()
foreach ($DC in $DCs) {
    # The log name must go inside the filter hashtable: Get-WinEvent does not
    # accept -LogName together with -FilterHashtable (different parameter sets).
    # -ErrorAction SilentlyContinue keeps a DC with no matching events from
    # terminating the loop with a "No events were found" error.
    $Events = Get-WinEvent -ComputerName $DC.HostName -FilterHashtable @{LogName="Directory Service"; Id=2889; StartTime=(Get-Date).AddHours(-$Hours)} -ErrorAction SilentlyContinue | Select-Object -Property TimeCreated, MachineName, Message
    $InsecureLDAPBinds += $Events
}
$InsecureLDAPBinds | Format-Table -AutoSize
This script will gather LDAP bind events from the Directory Service event log on all domain controllers for the past 24 hours. You can adjust the $Hours variable to change the time frame.
Analyze the Logs: Review the output to identify the source IP addresses or hostnames of the applications making LDAP queries. This will help you pinpoint which applications need their settings updated.
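As an added example (not part of the answer above), the following script shows one way to do the "analyze the logs" step: it parses the free-text Message of each event 2889 into client IP, port, identity and binding type, then groups the records so each client/identity pair that is still binding insecurely appears once with a count and a last-seen time. It assumes the standard 2889 message layout ("Client IP address:", "Identity the client attempted to authenticate as:", "Binding Type:") and the documented binding type codes (0 = simple bind without TLS, 1 = SASL bind without signing). The function names and the sample events are constructed for this example; on a real domain controller you would feed it the objects returned by Get-WinEvent instead.

```powershell
# Added example, not part of the original answer: turn the Message text of
# Directory Service event 2889 into structured records and summarize which
# client/identity pairs are still binding insecurely. The regexes assume the
# standard 2889 message layout; the sample events at the bottom are constructed
# so the script runs offline.

function ConvertFrom-LdapBindEvent {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Event)
    process {
        $msg = $Event.Message
        # \s* spans the line break after each label, so the capture is the next token
        $endpoint = if ($msg -match 'Client IP address:\s*(\S+)')            { $Matches[1] } else { $null }
        $identity = if ($msg -match 'attempted to authenticate as:\s*(\S+)') { $Matches[1] } else { $null }
        $bindCode = if ($msg -match 'Binding Type:\s*(\d+)')                 { [int]$Matches[1] } else { -1 }

        # The endpoint is "address:port"; split on the last colon so IPv6 literals survive
        $address, $port = $null, $null
        if ($endpoint) {
            $i = $endpoint.LastIndexOf(':')
            if ($i -gt 0) { $address = $endpoint.Substring(0, $i); $port = $endpoint.Substring($i + 1) }
            else          { $address = $endpoint }
        }

        # Binding type codes as documented for event 2889
        $bindType = switch ($bindCode) {
            0       { 'Simple bind without TLS' }
            1       { 'SASL bind without signing' }
            default { "Unknown ($bindCode)" }
        }

        [pscustomobject]@{
            TimeCreated      = $Event.TimeCreated
            DomainController = $Event.MachineName
            ClientIP         = $address
            ClientPort       = $port
            Identity         = $identity
            BindType         = $bindType
        }
    }
}

function Get-InsecureLdapBindSummary {
    param([Parameter(Mandatory)] $Events)
    $Events | ConvertFrom-LdapBindEvent |
        Group-Object ClientIP, Identity, BindType |
        ForEach-Object {
            $newest = ($_.Group | Sort-Object TimeCreated -Descending)[0]
            [pscustomobject]@{
                ClientIP = $newest.ClientIP
                Identity = $newest.Identity
                BindType = $newest.BindType
                Count    = $_.Count
                LastSeen = $newest.TimeCreated
            }
        } | Sort-Object Count -Descending
}

# --- Constructed sample input (stands in for the output of Get-WinEvent) ---
$template = @"
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.

Client IP address:
{0}
Identity the client attempted to authenticate as:
{1}
Binding Type:
{2}
"@

$SampleEvents = @(
    @{ Client = '10.20.30.40:49211'; Identity = 'CONTOSO\svc_helpdesk'; Type = 0 },
    @{ Client = '10.20.30.40:49212'; Identity = 'CONTOSO\svc_helpdesk'; Type = 0 },
    @{ Client = '10.20.31.5:55010';  Identity = 'CONTOSO\jdoe';         Type = 1 }
) | ForEach-Object {
    [pscustomobject]@{
        TimeCreated = (Get-Date).AddMinutes(-(Get-Random -Maximum 600))
        MachineName = 'DC01.contoso.example'   # constructed DC name
        Message     = $template -f $_.Client, $_.Identity, $_.Type
    }
}

# With real data, replace $SampleEvents with the 2889 events collected from each DC,
# keeping TimeCreated, MachineName and Message on the objects you pass in.
Get-InsecureLdapBindSummary -Events $SampleEvents | Format-Table -AutoSize
```

The summary collapses repeated binds from the same application into one row, which is usually what you want when deciding which hosts to visit: a service account binding from the same address hundreds of times is one application to fix, not hundreds. Keep MachineName in the Select-Object of the collection script if you want to see which domain controller each client talks to.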