• caglararli@hotmail.com
  • 05386281520

How to prevent AD object information export by a LDAP Export tool from workgroup computer

Çağlar Arlı      -    48 Views

How to prevent AD object information export by a LDAP Export tool from workgroup computer

I have a question regarding Active Directory Security. I can export Active Directory Object information by any 3rd party LDAP Export tool from any workgroup computer which is connected in my network. For example: I used LDAPDomainDump tool. I installed it in a linux machine which is connected in my network but not in my domain. When I ran it, it showed to put a user credential which can be either administrator or even normal user. If I give the normal domain user credential and after that I can easily export my Active Directory object information. Now, it is a big concern for my security. If I need admin credential to export it then it is okay for me but how can I export it by a normal user's credential from a workgroup device.

I checked my audit log and found that it's accepted as a Logon Type 3 request. Now, my question is how can I prevent it? Is there any way to prevent it by any AD policy or 3rd party tool or from network side?