Trace an Active Directory item?

  • Question

  • I came into an employer that had been using many bad practices with their AD setup. Is there any way to trace what a group or user is communicating with?
    Monday, June 12, 2017 12:46 PM

All replies

  • Hi,
    In my experience, it is hard to find out in detail every application/program which a user account is communicating with, and there is no inbuilt tool available to do that.
    However, you could try setting an audit policy and see if we could narrow down the scope. For example, we could use the Account logon events policy to check which computer the user is logging in to and see what application is installed on that computer.
    Alternatively, you could try using the Process Monitor tool to see if you could capture something about applications. Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
    Here is a similar thread, you could take a look:
    https://social.technet.microsoft.com/Forums/windows/en-US/64757cce-947a-41fa-8192-a54f9701fa9d/how-to-monitor-the-logedin-users-activity-in-active-directory?forum=winserverDS
    Best regards, 
    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, June 13, 2017 5:58 AM
    Moderator
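
The audit-policy suggestion in the reply above, as an added example that is not part of the original thread: once "Audit account logon events" is enabled on the domain controllers, the DC Security log records Kerberos ticket requests (4768, 4769) and NTLM credential validations (4776), which show where an account authenticates from and which services it requests tickets for. The function name `Get-AccountLogonTrace` and the account name `svc-legacy` are placeholders chosen for this example.

```powershell
# Added example: summarize Account Logon events for one account on a DC.
# Assumes success auditing of account logon events is enabled on the domain
# controllers and that this runs elevated. 'svc-legacy' is a placeholder name.
function Get-AccountLogonTrace {
    param(
        [Parameter(Mandatory)][string]$Account,       # sAMAccountName to trace
        [string]$ComputerName = $env:COMPUTERNAME,    # DC whose Security log is read
        [int]$Hours = 24                              # how far back to look
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4768, 4769, 4776    # TGT request, service ticket, NTLM validation
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # SilentlyContinue suppresses the "no events were found" error on an empty result
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="...">value</Data> into a hashtable
            $d = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            # 4769 records the user as name@REALM; 4768 and 4776 use the bare name
            $user = ($d['TargetUserName'] -split '@')[0]
            if ($user -ne $Account) { return }        # skip events for other accounts
            # Kerberos events carry the client IP; 4776 carries a workstation name
            $source = if ($d['IpAddress']) { $d['IpAddress'] -replace '^::ffff:', '' } else { $d['Workstation'] }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                EventId = $_.Id
                Source  = $source
                Service = $d['ServiceName']           # krbtgt for 4768; empty for 4776
            }
        }
}

# Which hosts the account authenticates from, and which services it requests
Get-AccountLogonTrace -Account 'svc-legacy' -Hours 48 |
    Group-Object Source, Service |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Each domain controller logs only the requests it handled, so run this against every DC (via `-ComputerName`) before concluding that an account is unused.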
  • The option I can think of is using a netmon capture from the DCs, filtering it by the group or username, and seeing if there is any traffic getting captured. If anything is captured, at least you can try to verify what sort of request it is and from which client/server.
    Tuesday, June 13, 2017 6:59 AM
  • Hi,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    If the replies above are helpful, we would appreciate it if you marked them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    We appreciate your feedback.

    Best regards,

    Wendy



    Tuesday, June 20, 2017 7:18 AM
    Moderator