Live Demo
Free Edition
Download NowSystem Event » Windows Server Event: 1644
Event ID 1644: LDAP searches.
| Description | This event logs an entry for each LDAP search made by a client against the directory that breaches the inexpensive and/or inefficient search thresholds. It will only be logged if you set the Field Engineering reg key to 5 or higher. |
| Category | Directory service |
| Subcategory | Field engineering |
The event logs the following information:
- Client
- Starting node
- Search scope
- Filter
- Subtree
- Attribute selection
- sAM Account name
- Server controls
- Visited entries
- Returned entries
Reasons to monitor this event:
It can provide useful information if you are running applications that regularly generate expensive or inefficient queries.
Pro tips:
- ADAudit Plus collects all the logs that record this event and present it in the form of a report.
- These reports are generated in real time and represent every LDAP search made, with details about who made it, and from which domain controller.
- These reports can also be included in alert profiles to notify the administrators when an LDAP search is made.
Explore Active Directory auditing and reporting with ADAudit Plus.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools