Public/Get-LDAPQueryLogging.ps1

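function Get-LDAPQueryLogging {
<#
    .SYNOPSIS
        Check the diagnostic LDAP query logging settings on a domain controller

    .DESCRIPTION
        Reads the registry values that control diagnostic LDAP query logging on
        each domain controller and emits whatever Get-RegDWord returns for them,
        in this order:

            System\CurrentControlSet\Services\NTDS\Diagnostics
                15 Field Engineering
            SYSTEM\CurrentControlSet\Services\NTDS\Parameters
                Expensive Search Results Threshold
                Inefficient Search Results Threshold
                Search Time Threshold (msecs)

        A lookup that fails is reported with Write-Warning, prefixed with the
        computer name, and the remaining values and computers are still checked.
        A warning therefore means the setting could not be read, not that
        logging is disabled.

    .FUNCTIONALITY
        Active Directory

    .PARAMETER ComputerName
        One or more domain controllers. Defaults to the local computer.

    .EXAMPLE
        Get-LDAPQueryLogging -ComputerName DS999

        Check to see what the LDAP logging registry values are set to on DS999

    .EXAMPLE
        'DS1', 'DS2' | Get-LDAPQueryLogging

        Check to see what the LDAP logging registry values are set to on DS1 and DS2

    .LINK
        https://github.com/RamblingCookieMonster/PSLDAPQueryLogging

    .LINK
        Test-LDAPQueryLoggingPrerequisites

    .LINK
        Enable-LDAPQueryLogging

    .LINK
        Disable-LDAPQueryLogging

    .LINK
        http://blogs.technet.com/b/askpfeplat/archive/2015/05/11/how-to-find-expensive-inefficient-and-long-running-ldap-queries-in-active-directory.aspx
    #>

    [cmdletbinding()]
    param (
        [parameter(ValueFromPipeline=$true,
                   ValueFromPipelineByPropertyName=$true)]
        [string[]]$Computername = $env:COMPUTERNAME
    )
    begin
    {
        # Registry values to report, in output order.
        $Lookups = @(
            # Diagnostics level that switches LDAP search logging on or off
            # (level 5 logs expensive/inefficient searches as Directory Service event 1644).
            @{ Key = 'System\CurrentControlSet\Services\NTDS\Diagnostics'; Value = '15 Field Engineering' }

            # Thresholds that decide which searches get logged.
            @{ Key = 'SYSTEM\CurrentControlSet\Services\NTDS\Parameters'; Value = 'Expensive Search Results Threshold' }
            @{ Key = 'SYSTEM\CurrentControlSet\Services\NTDS\Parameters'; Value = 'Inefficient Search Results Threshold' }
            @{ Key = 'SYSTEM\CurrentControlSet\Services\NTDS\Parameters'; Value = 'Search Time Threshold (msecs)' }
        )
    }
    process
    {
        foreach($Computer in $Computername)
        {
            foreach($Lookup in $Lookups)
            {
                Try
                {
                    # -ErrorAction Stop on every lookup, including the Diagnostics one:
                    # without it a non-terminating error bypasses the Catch and is not
                    # reported with the computer name.
                    Get-RegDWord -ComputerName $Computer -Hive LocalMachine -Key $Lookup.Key -Value $Lookup.Value -ErrorAction Stop
                }
                Catch
                {
                    # Keep going: one unreadable value must not hide the others.
                    Write-Warning "$Computer`: $($_.Exception.Message)"
                }
            }
        }
    }
}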