Update adds user name information to Directory Services event ID 1644 in Windows 8.1 or Windows Server 2012 R2

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials

This article describes a software update that adds user details to event ID 1644 for Lightweight Directory Access Protocol (LDAP) query in Windows 8.1 or Windows Server 2012 R2. Before you apply this update, notice that this update has a prerequisite.

About this update

You are using event ID 1644 to track what LDAP requests are sent to a domain controller or Active Directory Lightweight Directory Service (AD LDS). However, the client IP address in the event does not give you enough information about who sent the request.

After you install this update, the event contains additional query details, and these details include the user name who issued the query.

Note The user name in the event is what the user is authenticated as. It can be:
  • Windows user name in domain\user format.
  • AD LDS user distinguished name (DN).
  • The literal string "UNAVAILABLE". This is used when the client is internal to the Directory Service instance, such as the Knowledge Consistency Checker (KCC).

How to obtain this update

We have released a hotfix that contains this software update for Windows 8.1 or Windows Server 2012 R2.

Hotfix information

Important Do not install a language pack after you install this hotfix. If you do, the language-specific changes in the hotfix will not be applied, and you will have to reinstall the hotfix. For more information, see Add language packs to Windows.

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix Download Available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix Download Available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


To apply this hotfix, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1 or Windows Server 2012 R2.

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You may have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix replaces hotfix 2800945 for Windows Server 2012 R2 domain controllers, and also replaces all fixes that contains the ntdsai.dll file.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


See the terminology that Microsoft uses to describe software updates.