Ldp.exe is a graphical tool that allows users to perform Lightweight Directory Access Protocol (LDAP) operations, such as connect, bind, search, modify, add, and delete, against any LDAP-compatible directory, such as the Active Directory™ directory service. LDAP is an Internet-standard wire protocol used by Active Directory. Many objects stored in Active Directory are not readily displayed using the graphical tools that ship with the retail version of Microsoft® Windows® 2000. Ldp.exe can be used by administrators to view these objects and their metadata such as security descriptors and replication metadata to aid in problem determination.
Contents: Starting Ldp; Ldp Menu Selections; File Menu; Browse Menu; View Menu

Starting Ldp
Ldp.exe can be invoked from the command prompt, or from the Start menu Run command line. It has a Windows Explorer-like interface, with the scope pane on the left for navigating through the Active Directory namespace and the results pane on the right for displaying the results of the LDAP operations. Any text displayed in the results pane can be selected with the mouse and copied to the clipboard.

Ldp Menu Selections

Ldp makes extensive use of menu commands to perform the various LDAP operations.

File Menu
The Connect dialog box allows the user to enter the Domain Controller's DNS name or IP address and to specify the TCP port. Leaving the server's name field blank results in a connection to a domain controller in the current logged-on user's domain. Port 389 is the default port for LDAP and port 3268 is the default port for the Active Directory Global Catalog. Upon successful connection to a domain controller, the RootDSE information will be displayed in the results pane.

The Bind dialog box allows the user to submit their credentials for authentication during the LDAP session. If these fields are left blank, Ldp will use the credentials of the user who is currently logged on.

This terminates the current connection to the domain controller.

This clears the results pane.

Save/Save As
This saves the contents of the results pane to a text file.

Browse Menu
The Add dialog allows the user to add objects to Active Directory. The full distinguished name of the object must be entered, as well as all the mandatory attributes for the class of object being added.

The Delete dialog box permits the user to delete any object in Active Directory. The full distinguished name of the object must be entered. If the selected object is a container, the check box option Recursive causes Ldp to delete any child object, even if that child object is itself a container.

The Modify dialog box allows the user to modify the attributes of any object stored in the directory. Again, the object's full distinguished name must be entered. Operation selection permits new values to be added or existing values to be deleted or replaced.

The Modify RDN dialog box allows the user to modify (or rename) an object's relative distinguished name. This also permits an object to be moved from one container to another.

The Search dialog box allows the user to search Active Directory. The search base must be specified as a distinguished name, and the filter must be a valid LDAP filter. For example, to retrieve all objects with Name1 as their first name and a surname beginning with the letter "S", the filter would be (&(firstname=Name1)(sn=S*)). To find all objects with a surname of Surname1 or a surname of Surname2, the filter would be (| (sn=Surname1)(sn=Surname2)).
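To show how the two filters above are read, the following added example (not part of the original document, and not Ldp's own code) parses the prefix filter syntax, evaluates it against constructed sample entries, and escapes user-supplied text so it stays a literal value. The function names and the entries are assumptions made for the illustration; only equality, trailing or embedded `*` wildcards, and the `&`, `|`, `!` operators are handled.

```python
import re

def escape_value(text):
    """RFC 4515 escaping: keeps user-supplied text literal inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in text)

def parse(f, i=0):
    """Parse the filter item that starts at f[i] == '('; return (node, next index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] != ")":
            if f[i] == " ":       # tolerate the space in the page's "(| (sn=..." form
                i += 1
            else:
                kid, i = parse(f, i)
                kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.strip().lower(), value), end + 1

def unescape(s):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)

def matches(node, entry):
    """Evaluate a parsed filter against one entry of the form {attribute: [values]}."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    # An unescaped '*' is the wildcard; the rest is compared literally, ignoring case.
    rx = ".*".join(re.escape(unescape(p)) for p in pattern.split("*"))
    return any(re.fullmatch(rx, v, re.I | re.S) for v in entry.get(attr, []))

def search(entries, filt):
    tree, end = parse(filt)
    if end != len(filt):
        raise ValueError("trailing text after filter")
    return [e["cn"][0] for e in entries if matches(tree, e)]

# Constructed entries; "firstname" mirrors the attribute name in the page's filter.
ENTRIES = [{"cn": [f"{g} {s}"], "firstname": [g], "sn": [s]} for g, s in
           [("Name1", "Smith"), ("Name1", "Jones"), ("Other", "Surname1"), ("Other", "Surname2")]]
```

Passing a typed-in surname through `escape_value` before placing it in a filter means a value such as `S*` is matched as those two characters instead of acting as a wildcard.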

The Compare dialog box allows the user to compare the value of an object's attribute with a specified value and returns a result of either true or false.

Extended Operation
The Extended Operation dialog box allows the user to submit an extended LDAP operation to Active Directory by specifying an LDAP Operational ID (OID) and an applicable value.

The Security dialog box permits the user to view the security descriptor that has been placed on an object. This can be useful when attempting to determine the access permissions to an object. Sample output:
Ace[15]:
Type: (5) ACCESS_ALLOWED_OBJECT_ACE_TYPE
AceSize: 0x2
AceFlags: (0x0)
Mask: 0x00000010
Flags: 0x1
ACE_OBJECT_TYPE_PRESENT
Object Type: (in HEX)(59ba2f42-79a2-11d0-90-20-00-c0-4f-c2-d3-cf) GUID_PS_GENERAL_INFO
Sid: S-1-0x000005--0xb NT AUTHORITY\Authenticated Users
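The fields in an ACE dump like the one above come from a binary object ACE stored in the security descriptor. The following added example (not from the original document and not Ldp's code) decodes such an ACE and names the directory rights set in its Mask. The sample bytes are constructed for the illustration from the well-known General-Information property set GUID and the Authenticated Users SID; the function and dictionary names are assumptions.

```python
import struct
import uuid

# Names for the numeric fields (subset of the Windows SDK constants).
ACE_TYPES = {5: "ACCESS_ALLOWED_OBJECT_ACE_TYPE", 6: "ACCESS_DENIED_OBJECT_ACE_TYPE"}
DS_RIGHTS = {0x001: "CREATE_CHILD", 0x002: "DELETE_CHILD", 0x004: "LIST_CONTENTS",
             0x008: "SELF", 0x010: "READ_PROP", 0x020: "WRITE_PROP",
             0x040: "DELETE_TREE", 0x080: "LIST_OBJECT", 0x100: "CONTROL_ACCESS"}

def decode_object_ace(raw):
    """Decode one binary object ACE into the fields the Security dialog lists."""
    ace_type, ace_flags, size = struct.unpack_from("<BBH", raw, 0)   # ACE_HEADER
    if ace_type not in ACE_TYPES or size != len(raw) or size < 20:
        raise ValueError("not a complete object ACE")
    mask, flags = struct.unpack_from("<II", raw, 4)
    ace = {"Type": ACE_TYPES[ace_type], "AceSize": size, "AceFlags": ace_flags,
           "Mask": mask, "Rights": [n for b, n in DS_RIGHTS.items() if mask & b],
           "Flags": flags}
    off = 12
    # Flags says which optional GUIDs follow: 0x1 object type, 0x2 inherited object type.
    for bit, name in ((0x1, "ObjectType"), (0x2, "InheritedObjectType")):
        if flags & bit:
            ace[name] = str(uuid.UUID(bytes_le=bytes(raw[off:off + 16])))
            off += 16
    # SID: revision, sub-authority count, 48-bit big-endian authority, 32-bit sub-authorities.
    if off + 8 > size or off + 8 + 4 * raw[off + 1] != size:
        raise ValueError("SID length does not match AceSize")
    revision, count = raw[off], raw[off + 1]
    authority = int.from_bytes(raw[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, off + 8)
    ace["Sid"] = "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])
    return ace

# Constructed sample: allow Authenticated Users (S-1-5-11) to read the properties
# of the General-Information property set. Not captured from a real directory.
SAMPLE_ACE = (struct.pack("<BBHII", 5, 0, 0x28, 0x10, 0x1)
              + uuid.UUID("59ba2f42-79a2-11d0-9020-00c04fc2d3cf").bytes_le
              + bytes([1, 1, 0, 0, 0, 0, 0, 5]) + struct.pack("<I", 11))
```

The decoder prints the SID in the usual decimal string form, where the Ldp dump shows the same authority and sub-authority values in hexadecimal.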

The Replication dialog box displays the replication metadata such as Attribute ID, Originating and Local Update Sequence Numbers (USN), GUID of the originating domain controller, date/time stamps for every attribute of an object. This is useful in identifying whether objects have been updated and replicated between the domain controllers. Sample output:
Getting 'cn=Victor Eastman,ou=Sales,dc=antipodes,dc=com' metadata...
56 entries.
AttID  Ver  Loc.USN  Originating DSA  Org.USN  Org.Time/Date
=====  ===  =======  ===============  =======  =============
[three sample rows; their values did not survive extraction]

View Menu
The Tree dialog box is used to specify the base object to be displayed in the scope pane. If the base distinguished name is left blank, the tree view is rooted at the current default domain for the logged on user. The tree view permits the user to expand and collapse the child objects, and double-clicking on a selected object displays the attributes of that object in the results pane.

Enterprise Configuration
Enterprise Configuration graphically displays all domains and domain controllers in the enterprise. It also indicates whether the domain controllers are online or offline.

