As I understand it...
The Directory Service Query Tool is used to query Active Directory (via LDAP) to return users and groups to create access accounts to use LEM.
The Directory Service Log Connector is used to query the AD logs to return event data.
As far as I know, there's no crossover between either. You use the DSQT if you need to create AD-based LEM accounts. You use the DSLC to get AD-specific log data.
LGarvin is correct.
The Directory Service Query Tool (with the orange wrench) is how you configure the LEM to reach out to LDAP and pull in information about users (so you can log in with domain credentials) and groups. It's also how the LEM will perform response actions on AD if your rules call for it, like unlocking or disabling accounts.
The Directory Service Log Connector (the blue wrench) is a reader: it looks for Directory Service logs, and normalizes them for the alert database.
As a note, we use that color code with all connectors: blue connectors are usually passive, gathering data and normalizing it for the LEM. Orange connectors are there to perform some sort of action, which is why the Email Active Response connector is orange, but the Exchange log connectors are blue.