I have been given a task by my organization to trace down the LDAP communication which is initiated from multiple Windows 10 devices to the domain controller.

So far the only way to trace this, as far as I know, is to enable LDAP logging on the domain controller and wait for the LDAP traffic to be triggered from the Windows 10 machine to the domain controller. When the communication is triggered and recorded in the event logs, we can narrow down the source port information, from which we can try to find which process is running using that specific port.

However, the above approach is only possible on a real-time basis.

Would you be able to advise whether there is any possible way to trace down the process which is using the LDAP communication without waiting for the communication to be triggered?

  1. The best approach is to take network traces using the method explained in the example below:



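As an added example that is not part of the original question or answer: one way to get the "after the fact" view the question asks for is to have the Windows 10 client itself record each outbound LDAP connection together with the owning process, then query those records later. This assumes an elevated PowerShell session on the client, and the domain controller address is a placeholder to be filled in.

```powershell
# Added example, not from the original post.
# Step 1: enable success auditing for Windows Filtering Platform connections.
# Every permitted connection is then written to the Security log as event 5156,
# which carries the application path, PID, source port and destination port.
# Caveat: this subcategory is noisy; size the Security log accordingly.
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable

# Step 2 (later, once the traffic has occurred): pull the 5156 events whose
# destination is the domain controller on an LDAP-related port and map each
# one to the process that opened it.
$dcAddress = "<DC-IP-ADDRESS>"     # placeholder, not a value from the post
$ldapPorts = 389, 636, 3268, 3269  # LDAP, LDAPS, Global Catalog, GC over SSL

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # The useful fields live in the event's XML EventData section.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($data.DestAddress -eq $dcAddress -and [int]$data.DestPort -in $ldapPorts) {
            [PSCustomObject]@{
                Time        = $_.TimeCreated
                Application = $data.Application   # NT device path of the executable
                PID         = $data.ProcessID
                SourcePort  = $data.SourcePort    # the client port the DC-side LDAP log shows
                DestPort    = $data.DestPort
            }
        }
    } | Format-Table -AutoSize
```

The SourcePort column is the value to match against the client port recorded by LDAP logging on the domain controller, which ties the DC-side entry to a specific client process without having to catch the connection live.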