Enable LDAP diagnostic logging (Domain Controller / Active Directory)

Set registry value
Path: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics]
Value-Name: "16 LDAP Interface Events"
Value-Type: DWORD
Value: 2
Set registry value via PowerShell
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\ -Name "16 LDAP Interface Events" -Value 2 -Type DWord
Check LDAP events

Open Event Viewer and browse to “Applications and Services Logs” -> “Directory Service”. The LDAP events are logged there. Filter for Event ID 2889 to see only the relevant entries.

Check LDAP events with PowerShell
Get-WinEvent -LogName "Directory Service" | select TimeCreated, Message, ID | ? ID -eq 2889 | fl TimeCreated, Message
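
An added example (not part of the original page) that groups the 2889 events by client address, account and bind type, so the systems still performing unsigned or cleartext binds can be listed in one table. The order of the event data fields and the bind-type codes are assumptions about the event layout that this page does not state; the function name Get-LdapBindSummary and the sample records are made up for the illustration.

```powershell
# Added example: summarise event 2889 by client, account and bind type.
# Assumption (not stated on the page): the event data fields are, in order,
# "client IP:port", the account used for the bind, and a bind-type code
# (0 = SASL bind without signing, 1 = simple bind over a cleartext connection).
function Get-LdapBindSummary {
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    begin { $rows = [System.Collections.Generic.List[object]]::new() }
    process {
        $client = [string]$Record.Properties[0].Value
        # Drop the trailing ":port"; LastIndexOf keeps IPv6 addresses intact.
        $idx = $client.LastIndexOf(':')
        $ip  = if ($idx -gt 0) { $client.Substring(0, $idx) } else { $client }
        $bindType = switch ([string]$Record.Properties[2].Value) {
            '0'     { 'Unsigned SASL' }
            '1'     { 'Simple (cleartext)' }
            default { "Unknown ($_)" }
        }
        $rows.Add([pscustomobject]@{
            ClientIP = $ip
            Account  = [string]$Record.Properties[1].Value
            BindType = $bindType
            Time     = $Record.TimeCreated
        })
    }
    end {
        $rows | Group-Object ClientIP, Account, BindType | ForEach-Object {
            $times = $_.Group.Time | Sort-Object
            [pscustomobject]@{
                ClientIP  = $_.Group[0].ClientIP
                Account   = $_.Group[0].Account
                BindType  = $_.Group[0].BindType
                Count     = $_.Count
                FirstSeen = $times | Select-Object -First 1
                LastSeen  = $times | Select-Object -Last 1
            }
        } | Sort-Object Count -Descending
    }
}

# Constructed sample records (not real log data) for trying the function offline.
$sample = '192.0.2.10:49152', '192.0.2.10:49153' | ForEach-Object {
    [pscustomobject]@{ TimeCreated = Get-Date
        Properties = @{ Value = $_ }, @{ Value = 'EXAMPLE\svc-app' }, @{ Value = 1 } }
}
$sample | Get-LdapBindSummary | Format-Table -AutoSize

# On a domain controller; -ErrorAction hides the error raised when no event matches.
Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } -ErrorAction SilentlyContinue |
    Get-LdapBindSummary | Format-Table -AutoSize
```
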
Disable LDAP diagnostic logging with PowerShell
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\ -Name "16 LDAP Interface Events" -Value 0 -Type DWord
