Thanks! FWIW, I just tried ADFIND and forced it to fail, but it produced no
logging in my machine's Application log (or any other log) on my local system.

Dave

From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2008 2:12 PM
To: NT System Admin Issues
Subject: RE: LDAP authentication failures / logging

No, it's not a DC level error, it's an application level error. The application 
should log the error, not the DC.

You can use netmon or wireshark to monitor ldap traffic.

I think you can turn up LDAP debugging to such a ridiculous level that those 
get logged, but you'll flood your DCs.

And yes, use adfind (www.joeware.net) or dsquery (already on your Windows 2003
servers).

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange
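Below is an added example, not part of the thread and not code from either poster, that walks through the three pieces of advice above as a PowerShell script you can run from a lab workstation: reproduce the application's failure with a plain LDAP search against the renamed OU, do the same with the dsquery/adfind command lines, and then turn up the DC's "16 LDAP Interface Events" diagnostic setting just far enough to see whether anything lands in the Directory Service log. The domain name, DC name and OU DN are assumptions for a test environment; replace them with your own.

```powershell
# Added example (not from the thread). Assumes a lab domain corp.example.com,
# a DC named DC01, and that the OU "Portland Users" has been renamed so the DN
# below no longer exists. Run from a domain-joined admin workstation; the
# registry step needs administrative rights on the DC.

param(
    [string]$BaseDn = 'OU=Portland Users,DC=corp,DC=example,DC=com',  # assumed lab DN
    [string]$Dc     = 'DC01'                                           # assumed DC name
)

# 1. Reproduce what a directory-integrated application does: bind to the
#    configured base DN and search beneath it. LDAP result code 32
#    (noSuchObject) comes back as COM error 0x80072030. The DC has answered
#    the request normally, so at the default diagnostic level it logs nothing;
#    the client is the only side that knows the OU went missing.
function Test-LdapBase {
    param([string]$Dn, [string]$Server)
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$Dn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter   = '(objectClass=user)'
    $searcher.PageSize = 100
    try {
        $count = $searcher.FindAll().Count
        return "OK: $count user objects under $Dn"
    } catch {
        # PowerShell wraps .NET method exceptions; unwrap to reach the COM code.
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        $code = if ($ex.ErrorCode) { '0x{0:X8}' -f $ex.ErrorCode } else { 'n/a' }
        return "FAILED: $code $($ex.Message)"
    }
}

# 2. The command-line equivalents Michael mentions. dsquery prints
#    "dsquery failed:Directory object not found." and exits non-zero when the
#    start node does not exist; adfind takes the same DN as its search base.
function Test-LdapBaseCli {
    param([string]$Dn, [string]$Server)
    & dsquery.exe user "$Dn" -s $Server -limit 0 2>&1 | Out-Null
    $dsq = $LASTEXITCODE
    $adf = $null
    if (Get-Command adfind.exe -ErrorAction SilentlyContinue) {
        & adfind.exe -h $Server -b "$Dn" -f '(objectClass=user)' -c 2>&1 | Out-Null
        $adf = $LASTEXITCODE
    }
    return @{ dsquery = $dsq; adfind = $adf }
}

# 3. Turn LDAP interface event logging on the DC up to level 2 (anything
#    higher floods the Directory Service log, as the reply warns), repeat the
#    failing search, read back any new Directory Service events, then reset.
function Get-DcLdapEvents {
    param([string]$Dn, [string]$Server, [int]$Level = 2)
    $path  = 'SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
    $name  = '16 LDAP Interface Events'
    $hklm  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
    $key   = $hklm.OpenSubKey($path, $true)
    $old   = $key.GetValue($name, 0)
    $start = Get-Date
    try {
        $key.SetValue($name, $Level, [Microsoft.Win32.RegistryValueKind]::DWord)
        Start-Sleep -Seconds 2
        [void](Test-LdapBase -Dn $Dn -Server $Server)
        Start-Sleep -Seconds 2
        return Get-EventLog -LogName 'Directory Service' -ComputerName $Server -After $start |
            Select-Object TimeGenerated, EventID, EntryType, Message
    } finally {
        $key.SetValue($name, $old, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close(); $hklm.Close()
    }
}

Test-LdapBase    -Dn $BaseDn -Server $Dc
Test-LdapBaseCli -Dn $BaseDn -Server $Dc
Get-DcLdapEvents -Dn $BaseDn -Server $Dc
```

If step 3 still shows nothing, that is the expected outcome for a well-formed search against a missing base: from the DC's point of view the request succeeded with result code 32. To see the failure on the wire instead, capture on the client with Wireshark and filter on `ldap.resultCode == 32`; the application (here, the product that rhymes with HP Quality Center) is where the error should be logged and alerted on.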

From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2008 5:07 PM
To: NT System Admin Issues
Subject: LDAP authentication failures / logging

If an application is using LDAP to talk to AD and it tries to reference an OU 
that doesn't exist, will a DC log an error?

Example: We have an application that will remain nameless but rhymes with HP
Quality Center. Its LDAP import settings point to our "Portland Users" OU. If you
rename the OU, which will break the LDAP config, will the DC log any attempt
to talk to "Portland Users"?

Additionally, does anyone have (or know of) a simple app that I can throw in my 
test environment to test such activity? I can't test the production stuff and 
have no dev environment for this particular scenario...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764