Goal: To identify attackers attempting to gather information about Active Directory objects or to exploit vulnerabilities in the LDAP protocol.
Approach: Monitoring LDAP queries and analyzing attacker behavior. This element involves configuring a deceptive LDAP server that responds to specific queries with misleading or deceptive information.
Attackers who attempt to interact with the deceptive LDAP server will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to compromise the Active Directory environment.