I looking for the best way to get information about the LDAP/LDAPS authentication from applications to my DC (2016)
I found :
- Events ID 2889 for LDAP requests
- Events ID 4624 that I only plan to keep only if the logon type is "network logon" (3)
What else can I get? How can I more information? How can I filter the 4624 events to only keep LDAP(S) request to my DC?
Thanks in advance