Results 1 to 4 of 4

Thread: How to use ldp.exe in Active Directory

  1. #1
    Join Date
    Apr 2009
    Posts
    89

    How to use ldp.exe in Active Directory

    I am giving some tips for using the ldp.exe in Active Directory.

    Close ADSI Edit as well and open hours ldp.exe tool that can always find under C: \ Program Files \ Support Tools. ldp.exe will allow us to experience what we have said so far, it'll make it through a connection to the LDAP server and a query, our goal is to get as result a list of the groups they belong to class objects user in a specific Organizational Unit (Domain Users). Believe me ... becomes more difficult to describe that to do so. After opening ldp.exe Go to the Connection menu, and select Connect, you will next be prompted to enter some data, normally need only enter the address of a Domain Controller. In my case insert localhost because I'm working on the same Domain Controller. Appear on the screen some log messages and you will immediately see if the connection was successful. The only connection to the LDAP server, fortunately not enough to get information, you should now establish a complete binding using a domain user account authorized. Connection menu, select the Bind entry, enter the required information and then press the OK button. Again, some log messages to confirm the successful operation. Once that's done you will have the binding ability to use all the commands available under the Browse menu, for this example will only use the Search function ... select it.

  2. #2
    Join Date
    Apr 2009
    Posts
    90

    Re: How to use ldp.exe in Active Directory

    Compile the data required by the Search dialog box, in particular,
    • Base DN should be the basic position from which you want to start your search, in my case I run across the entire domain, but only between the objects in the Domain Users OU, so specify how base dn only the LDAP path of this OU.
    • Filter is a filter for research, practice is the key to our actual research and the asterisk acts as a wildcard character (is not supported for all types of attribute) used alone and can not specify any filter. As a filter you can use both values refer to classes of objects attributes (remember the layout of the scheme explained earlier AD?). For now I'll just look for the only objects of class user because my intention is to get the list of groups to which each user is part of the content in these organizations.
    • The Scope parameter to specify the depth of research, namely the number of tiers from the base DN where the search will be performed, we think that it is restricted to analyze only the objects in this specific OU? Or we could use to analyze the level immediately after or even the entire tree? In my case, the choice will not make any difference because there are other organizational units within the Base Dn "Domain Users", then leave the item selected subtree.

  3. #3
    Join Date
    Oct 2008
    Posts
    101

    Re: How to use ldp.exe in Active Directory

    But I have yet expressed any desire to see how the groups they belong to any users contained in the Base DN for this operation will use the Options button that you see highlighted in the previous image. The string Attributes allows you to specify a list of all the attributes that are returned in output when they are found objects that meet the search filter preset. Then proceed by adding to the list of instill memberOf attributes and putting a semicolon to end the string. At what point, simply press the OK button to accept the changes and then Run to run the query. A word of advice: at a later time, educational purposes only, try to render the attribute "pwdLastSet" and enjoy the results of search ... you will see the exact date of the last password changes performed by the user. The output generated by the research is certainly not easy to read, in any case we note that two people were found in the Base Dn considered and that only one of them is part of a group, for accuracy the user ComPaCt is part of two groups: Admins and IT Department. If you edit your search options by eliminating the display of all attributes except memberOf could significantly improve the readability. You should also know about the AdFind. Unfortunately, the output provided by the instrument ldp.exe not particularly neat and reusable. To meet the needs of all you point out the existence of AdFind downloaded from here . This is a very versatile but at first sight will be as complicated to use, this page you can find his complete manual.

  4. #4
    Join Date
    Nov 2008
    Posts
    109

    Re: How to use ldp.exe in Active Directory

    AdFind offers available, however some advanced features that allow you to redirect the output to a text file or csv, and to improve, sort and filter results. The above command may actually be considerably simplified, because the computer from which I run part of a domain should not be necessary to specify the data connection to the LDAP server, it will be selected automatically by exploiting the capabilities of Active Directory and the binding will use the credentials provided by an integrated Windows authentication. We have seen that it is possible to extrapolate AdFind ldp.exe that information by applying a search filter (I refer to the Filter field of ldp.exe or switch-f Adfind), previously have come down in detail and I limited to use a simple (objectclass = user) to search for all objects of class user. MemberOf attribute is a Distinguished Name and then type when used as a filter does not support wildcard specified and must be full.

Similar Threads

  1. Replies: 5
    Last Post: 22-05-2010, 07:33 AM
  2. Active Directory Win2K
    By pwoodhouse in forum Windows Software
    Replies: 1
    Last Post: 12-03-2010, 12:06 AM
  3. How to take backup of Active Directory
    By Matrix316 in forum Operating Systems
    Replies: 3
    Last Post: 15-10-2009, 11:45 AM
  4. Active Directory in Linux
    By Benjamin in forum Networking & Security
    Replies: 3
    Last Post: 16-07-2009, 11:54 AM
  5. Active Directory and DMZ
    By maketu in forum Windows Security
    Replies: 1
    Last Post: 19-02-2008, 01:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •