How to turn on debug logging of the LDAP client (Wldap32.dll)

Applies to: Windows Server 2019, all editionsWindows Server 2016Windows Server 2012 R2

Summary


In Windows Vista and newer versions of Windows, you can use Event Tracing for Windows (ETW) to trace LDAP client activity, including encrypted (TLS or SASL) activity.

More information


To turn on LDAP client tracing, follow these steps:

  1. Create the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ldap\Tracing\<ProcessName>
  2. To start a tracing session, run the following command at a command prompt:
    logman create trace "ds_ds" -ow -o c:\ds_ds.etl -p "Microsoft-Windows-LDAP-Client" 0x1a59afa3 0xff -nb 16 16 -bs 1024 -mode Circular -f bincirc -max 4096 -ets
  3. Reproduce the behavior that you want to investigate.
  4. To stop the tracing session, run the following command:
    logman stop "ds_ds" -ets

To view the trace as text, use the netsh tool to decode the ETL file as a .txt file, as follows:

netsh trace convert input=c:\ds_ds.etl output=LDAP_CLIENT-formatted.txt

For more information about netsh trace convert, see the netsh trace convert help. To do this, enter netsh trace convert /? at the command prompt.