Windows Server 2003 - LDP Support Tool UtilityLDP is the forgotten tool in the Windows Server 2003
toolkit. Here on this page is a step-by-step tutorial for getting started with LDP. In my opinion, it should be called not LDP but LDAP, as that's what it configures. Perhaps LDP is overlooked because it's so hard to get going, I will reveal the secrets of
how you search for Active Directory
information with this Microsoft utility. Tutorial Topics for LDP
‡
Installing LDP is easy. From the CD \support\tools, double click suptools.msi. Alternatively, here is a free download of Microsoft's LDP. There are a number of ways of executing ldp.exe, to begin with, let us call for the Run dialog box and type ldp.
Scenario: We wish to view our domain and check on users whose first name begins with 'a'. The more choices a program gives, the more difficult it is for a beginner to get started. In the case of
LDP, you have to perform three operations in sequence before you can start. 1) Click on the Connection
menu, then Connect, select your server name. Being an LDAP program, leave the port on 389. You don't want Connectionless, therefore leave the default setting. No tick in the Connectionless box. No
need for SSL either. 2) Next we need to Bind, which is rather like logging on. Even though
you would expect that LDP would use the credentials of the logged on user, it does not always work that way. So just Bind with an Administrator's name and password. 3) Click View and
select Tree; what you see is a box waiting for baseDN (Distinguished Name).  Now we come to the crucial
step. The text books say type, DC=yourdomain,DC=com. The problem comes if you are unsure of your domain name. For instance, does it have an extension of .com? Guy says just try pressing OK without
entering anything at all in the box.
If it truly is your intention to connect to a domain, then do not use the drop-down menu and select, DC=ForestDnsZones,DC=domain,DC=com, that just does not work for me.
4) What I hope you will see in the left hand LDP panel is a structure that reminds you of Active Directory Users and Computers.
5) Now you have done all the hard work. It's time for the first LDAP query. Click on the Browse menu, and select Search. Leave the Base Dn: dialog entry as it is, in the Filter box
type (givenName=a*). If you remember our brief was to find all users whose first name begins with 'A'. If that produces no results, try (cn=a*). CN means common name, and surely there will be
an administrators' account in the domain? 6) The fruits of all your LDP efforts should now appear in the right hand menu. The fact that the latest entries are
at the bottom rather than the top, takes a little getting used to, so be prepared to scroll down.
Guy Recommends: SolarWinds Engineer's Toolset v10
The Engineer's Toolset v10 provides a
comprehensive console of utilities for troubleshooting computer problems. Guy says
it helps me monitor what's occurring on the network, and the tools
teaches me more about how the system literally operates.
There are so many good gadgets, it's like having free rein of a
sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.
Download your copy of the Engineer's Toolset v 10
***Searching...
ldap_search_s(ld, "DC=cp,DC=com", 2, "(cn=a*)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 24 entries:
>> Dn:
CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com
2> objectClass: top; container;
1> cn: a86fe12a-0f62-4e2a-b271-d27f601f8182;
1> distinguishedName:
CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com;
1> name: a86fe12a-0f62-4e2a-b271-d27f601f8182;
1> canonicalName: cp.com/System/DomainUpdates/Operations/a86fe12a-0f62-4e2a-b271-d27f601f8182;
>> Dn: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com
2> objectClass: top; container;
1> cn: ab402345-d3c3-455d-9ff7-40268a1099b6;
1>
distinguishedName: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com;
1> name: ab402345-d3c3-455d-9ff7-40268a1099b6;
1> canonicalName: cp.com/System/DomainUpdates/Operations/ab402345-d3c3-455d-9ff7-40268a1099b6;
>> Dn: CN=ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9,CN=Packages,CN=Class Store,CN=Machine,CN={4627307D-103B-4A81-99D0-B5B06B8AD999},CN=Policies,CN=System,DC=cp,DC=com
2> objectClass: top; packageRegistration;
1> cn: ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9;
1> distinguishedName: CN=ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9,CN=Packages,CN=Class Store,CN=Machine,CN={4627307D-103B-4A81-99D0-B5B06B8AD999},CN=Policies,CN=System,DC=cp,DC=com;
1> name: ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9;
1> canonicalName: cp.com/System/Policies/{4627307D-103B-4A81-99D0-B5B06B8AD999}/Machine/Class Store/Packages/ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9;
>>
Dn: CN=abab2104-5729-4bed-ac94-a65c89516e84,CN=AppCategories,CN=Default Domain Policy,CN=System,DC=cp,DC=com
3> objectClass: top; leaf; categoryRegistration;
1> cn: abab2104-5729-4bed-ac94-a65c89516e84;
1> distinguishedName: CN=abab2104-5729-4bed-ac94-a65c89516e84,CN=AppCategories,CN=Default Domain Policy,CN=System,DC=cp,DC=com;
1> name: abab2104-5729-4bed-ac94-a65c89516e84;
1> canonicalName:
cp.com/System/Default Domain Policy/AppCategories/abab2104-5729-4bed-ac94-a65c89516e84;
>> Dn: CN=Account Operators,CN=Builtin,DC=cp,DC=com
2> objectClass: top; group;
1> cn: Account Operators;
1> description: Members can administer domain user and group accounts;
1> distinguishedName: CN=Account Operators,CN=Builtin,DC=cp,DC=com;
1> name: Account Operators;
1> canonicalName:
cp.com/Builtin/Account Operators;
>> Dn: CN=Administrator,CN=Users,DC=cp,DC=com
4> objectClass: top; person; organizationalPerson; user;
1> cn: Administrator;
1> description: Built-in account
for administering the computer/domain;
1> distinguishedName: CN=Administrator,CN=Users,DC=cp,DC=com;
1> name: Administrator;
1> canonicalName: cp.com/Users/Administrator;
>> Dn: CN=Administrators,CN=Builtin,DC=cp,DC=com
2> objectClass: top; group;
1> cn: Administrators;
1> description: Administrators have complete and unrestricted access to the computer/domain;
1> distinguishedName: CN=Administrators,CN=Builtin,DC=cp,DC=com;
1> name: Administrators;
1> canonicalName: cp.com/Builtin/Administrators;
-
 Guy
recommends: The SolarWinds ipMonitor
I am attracted to
ipMonitor
because it inhabits that zone of part work, part play; Guy just could not put
the dashboard away. This excellent performance monitor will get you
started in the quest to remove bottlenecks on your network. SolarWinds
provides this fully-functioning product free for 21 days. So download and
install ipMonitor, then start scrutinizing your computers CPU, memory and disk
performance.
Installing ipMonitor is a breeze, but learn from gung-ho Guy's mistake, and
install SNMP on each computer that you wish to monitor. What sealed my
unreserved recommendation of SolarWinds is their support team, you will get
expert help even when you are evaluating the ipMonitor.
Download SolarWinds ipMonitor (21 days eval)
Microsoft's LDP is a tricky program to get started. This page gives you a step-by-step tutorial to create LDAP queries against a Windows Server 2003 Active Directory. Get your copy of LDP from
the Windows Server 2003 Support Tools.
Download LDP
See Also
● ADSI Edit
● ADSI More Examples ●
ADModify
● LDP ●
Replmon
●
Performance Monitor Tool
|
