Re: AD Enabled Apps
- From: MCSE_Sec <MCSESec@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 Jun 2008 15:10:03 -0700
Ok. More specifically, I want to know see what applications have modified
the schema (forest prep) and created their own objects/attributes. I am
looking for a way to "scan" (for) this and see what is different from the
"default" installation.
"Tomasz Onyszko" wrote:
MCSE_Sec wrote:.
What can I use to identiy these apps within a forest?
Basically ... not much. AD is not application aware, unless applications
are registering things like service principal names or service
connection points. This might be a clue that there is service or app
which is related to directory somehow ... but this isn't very helpful.
Other thing You may want try to do is to log queries on a DCs for some
time using diagnostic event logging and setting "innefficiency" level low:
http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/41/Logging-LDAP-searches-AD-and-ADAM.aspx
This will help you identify clients which are querying your AD ... this
might be first step to look for apps or business services which are
utilizing your AD.
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
- References:
- AD Enabled Apps
- From: MCSE_Sec
- Re: AD Enabled Apps
- From: Tomasz Onyszko
- AD Enabled Apps
- Prev by Date: Re: 1st DC in Small Domain Failed, _msdcs still points to 1st DC
- Next by Date: Re: 1st DC in Small Domain Failed, _msdcs still points to 1st DC
- Previous by thread: Re: AD Enabled Apps
- Next by thread: Windows 2008 Trust To MIT Kerberos Server
- Index(es):
Relevant Pages
|
Loading
