Announcement

Collapse
No announcement yet.

tracking AD Authentication Requests

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • tracking AD Authentication Requests

    Afternoon all,

    I have been requested to put together a list of applications that utilise Active Directory for the authentication of users. The client is running windows 2003 r2 and vista clients.

    Any ideas would be appreciated.

    Thanks

    Ricky

  • #2
    Re: tracking AD Authentication Requests

    Most Microsoft back office products, particularly Exchange.
    SQL Server can use AD, as (IIRC) can ISA
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: tracking AD Authentication Requests

      Sorry Ossian,

      I meant to say, i need to put a list for the applications within the environment that are currently utilising AD as opposed to a list of apps that possibly can.

      Thanks

      Ricky

      Comment


      • #4
        Re: tracking AD Authentication Requests

        <Crystal Ball:=Reboot>
        But we don't know what applications are in your environment.

        Are you asking for advice on HOW to create such a list?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: tracking AD Authentication Requests

          Thats correct. How do i interogate AD to find out which apps are authenticating to it. currently i can see which users are requesting authentication, but not which application (sqlserver, exchange for example) is sending the request through.

          don't know if it is possible.

          ricky

          Comment


          • #6
            Re: tracking AD Authentication Requests

            You possibly need a program like GFI Eventsmanager to check the logs for authentication. It can give you a good idea of what is authenticating.
            GoogleFu is strong with this one ^

            Comment


            • #7
              Re: tracking AD Authentication Requests

              Originally posted by dugganr View Post
              Thats correct. How do i interogate AD to find out which apps are authenticating to it. currently i can see which users are requesting authentication, but not which application (sqlserver, exchange for example) is sending the request through.

              don't know if it is possible.

              ricky
              To get an idea you could use a Packet capture program such as Network Monitor or Wireshark in Premiscouous Mode (Be sure to get a written permission from the system owner for that first though) and then filter the Capture or Display to Authentication Traffic (Kerberos/ NTML) or/and
              LDAP traffic (TCP/UDP 389, 3268,636, 3269).

              There is a distinction between the two, Kerberos/NTLM are used to authenticate users and LDAP protocol is used by various apps to bind to the AD database.
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR

              Comment

              Working...
              X