Ldp

The Ldp dialog box consists of two panes: the console tree and the details pane. The console tree lists the base object and any child objects. The details pane lists the results of the Lightweight Directory Access Protocol (LDAP) operations. To start Ldp, click Start, right-click Command Prompt, click Run as administrator, type ldp at the command prompt, and then press ENTER.

The following sections describe the commands on the Ldp menus:

Connection

The following table describes the commands on the Connection menu.

Command Details

Connect

Opens a dialog box that you can use to open a session with a specified LDAP server. A connection must be established with an LDAP server before any other LDAP commands can be run. Type the appropriate port number for the service that you are connecting to. By default, LDAP uses TCP for a connection-oriented session. To use User Datagram Protocol (UDP) for a connectionless session, select the Connectionless check box. By default, a successful connection results in the appearance of RootDSE information in the details pane.

Bind

Opens a dialog box that you can use to authenticate to a specified LDAP server. Type the user name and password of an account that has permissions to the LDAP server. If you do a simple bind with an empty password, you will be connected with anonymous credentials. As a shortcut, you can use the Bind command without first using the Connect command; Ldp then connects to, and authenticates with, the server that you last connected to. Click Advanced on the Bind dialog box to open the Bind Options dialog box and configure authentication method options.

The following table describes the options in the Bind Options dialog box.

Option Description

Function Type

Specifies a category of authentication for Ldp to use when choosing authentication methods.

Generic

Specifies the use of a standard authentication protocol.

Simple

Specifies the use of no authentication protocol, and sends the password in plaintext.

Extended

Not available.

Method

Specifies the type of authentication that Ldp uses when passing credentials.

Synchronous

Specifies that the authenticating server must respond immediately to requests. This option works only with simple authentication.

Use auth. identity

Allows the use of alternate authentication credentials. All authentication methods except simple methods require synchronous calls.

Disconnect

Terminates an open session with a specified LDAP server. Closing Ldp automatically disconnects any open sessions.

New

Keeps the currently connected session, but clears the details pane. The keyboard shortcut for this action is CTRL+N.

Save

Saves changes to a previously saved file.

Save as

Saves the contents of the details pane to a text file. Use the Open command to view the contents of this file in the details pane later.

Print

Prints the contents of the details pane.

Browse

The following sections describe the commands on the Browse menu.

Add Child

Opens a dialog box that you can use to add objects to Active Directory Lightweight Directory Services (AD LDS). You must enter the full distinguished name of the object, as well as all the mandatory attributes for the class of object that you are adding.

The following table describes the options in the Add dialog box.

Option Details

Dn

Type the full distinguished name of the new object.

Attribute

Type the required or optional attribute.

Values

Type the values that are associated with the attribute. Separate multiple values for a single attribute with a semicolon. No spaces are required.

Enter

Adds the entered attribute and values to the Entry List box, and clears the Attribute and Values boxes. Continue entering attributes and values until all required and desired optional attributes are in the Entry List box.

Insert file

Opens a dialog box that you can use to open a text file with the appropriate attributes and values.

Entry List

Displays the attributes and values that you enter.

Edit

Opens a dialog box that you can use to enter changes to the selected entry in the Entry List box.

Remove

Deletes the selected entry from the Entry List box.

Extended

Select this check box if the object that you are adding is part of an extended control.

Synchronous

If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow wide area network (WAN) connections are causing Ldp commands to time out.

Run

Adds the current attributes and values in the Entry List to AD LDS. If Ldp encounters any errors, the object is not added and an error message appears in the details pane.

Delete

This command opens a dialog box that you can use to delete an object from AD LDS. Attributes can be deleted only if they are defined as optional and if they contain no values. To delete an attribute's values, on the Browse menu in the Add dialog box, click Edit.

Option Details

DN

Type the full distinguished name of the new object.

Extended

Select this check box if the object being modified is part of an extended control.

Synchronous

If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow WAN connections are causing Ldp commands to time out.

Recursive (client)

Deletes all objects in a container, but does not delete the container.

Modify

This command opens a dialog box that you can use to change the attributes of an object that is stored in AD LDS.

The following table describes the options in the Modify dialog box.

Option Details

Dn

Type the full distinguished name of the new object.

Attribute

Type the required or optional attribute.

Values

Type the values that are associated with the attribute. Separate multiple values for a single attribute with a semicolon. No spaces are required.

Insert file

Opens a dialog box that you can use to open a text file with the appropriate attributes and values.

Enter

Adds the entered attribute and values to the Entry List section of the dialog box, and clears the Attribute and Values fields. Continue entering attributes and values until all required and desired optional attributes are in the Entry List box.

Operation

Add, Delete, or Replace. To add a new value to an existing attribute, click Add. To permanently remove an attribute from the listed object, click Delete. Attributes that contain data cannot be deleted. Also, attempting to delete required attributes results in an error. To replace an existing value with another or to change listed values for an existing attribute, click Replace.

Entry List

Displays the existing attributes and values for an object.

Edit

Opens a dialog box that you can use to make changes to the selected entry in the Entry List box.

Synchronous

If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow WAN connections are causing Ldp commands to time out.

Extended

Select this check box if the object being modified is part of an extended control.

Run

Sends the edited values in the Entry List box to AD LDS.

Modify DN

Opens a dialog box that you can use to change the relative distinguished name of an object. This option is designed to modify leaf objects only. If you rename the container portion of the distinguished name, the object moves to the container that is named.

The following table describes the options in the Modify RDN dialog box.

Option Details

Old Dn

Type the current distinguished name of the object.

New Dn

Type the new distinguished name for the object.

Delete Old

If this check box is selected (which is the default), the old distinguished name is removed from the LDAP directory.

Synchronous

If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow WAN connections are causing Ldp commands to time out.

Extended rename

Select this check box if the object being renamed is part of an extended control.

Run

Sends the change to AD LDS.

Search

Opens a dialog box that you can use to create a customized search filter and to perform the search on the directory information tree. The search base must be specified as a distinguished name, and the filter must be a valid LDAP filter. Items that are returned from a search are separated by >> characters.

The following table describes the options in the Search dialog box.

Option Details

Base Dn

Type a distinguished name to specify where the search starts.

Filter

Type the search criteria, separated by LDAP search filters. Type attributes and values to find an object or set of objects. Note that LDAP search filters are defined in RFC 2254 and in article 255602 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?linkid=4441).

Scope

Specifies how many levels the search encompasses.

Base

Searches the base object only.

One Level

Searches objects immediately subordinate to the base object, but does not search the base object.

Subtree

Searches the entire subtree, from the base object down to all child objects.

Options

Opens the Search Options dialog box. You can use these options to apply filters that allow some entries and exclude others from the search and that allow you to control the way the search is processed.

Run

Sends the search request to AD LDS.
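The three Scope settings described above, shown on a small directory tree. This is an added example, not part of the Ldp documentation: the function names and the sample entries are constructed, and the DN comparison is simplified to a case-insensitive match on RDN strings with backslash-escaped commas.

```python
# Added example (not from the Ldp documentation): which entries each
# search scope (Base, One Level, Subtree) selects for a given base DN.

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas; a backslash escapes the next character."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]              # keep the escaped pair inside the current RDN
            i += 2
            continue
        if ch == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur.strip())
    return [p.lower() for p in parts]       # simplification: compare case-insensitively

def in_scope(entry_dn, base_dn, scope):
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    depth = len(entry) - len(base)          # levels below the base object
    if depth < 0 or entry[depth:] != base:
        return False                        # entry is not at or under the base
    if scope == "base":
        return depth == 0                   # the base object only
    if scope == "onelevel":
        return depth == 1                   # immediate children, not the base itself
    if scope == "subtree":
        return True                         # the base and everything below it
    raise ValueError("unknown scope: " + scope)

# Constructed sample entries.
ENTRIES = [
    "DC=example,DC=com",
    "CN=Users,DC=example,DC=com",
    "CN=Smith\\, Ann,CN=Users,DC=example,DC=com",
    "CN=Roles,DC=example,DC=com",
    "CN=Readers,CN=Roles,DC=example,DC=com",
]

def search(base_dn, scope):
    return [dn for dn in ENTRIES if in_scope(dn, base_dn, scope)]

if __name__ == "__main__":
    for scope in ("base", "onelevel", "subtree"):
        print(scope, search("dc=example,dc=com", scope))
```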

Compare

Opens a dialog box that you can use to compare the value of an attribute of an object with a specified value. The result returned is either true or false.

The following table describes options in the Compare dialog box.

Option Details

Dn

Type the full distinguished name of the object whose values will be compared.

Attribute

Type the attribute to be compared.

Value

Type the value that will be compared with the existing value in AD LDS. Separate multiple values for a single attribute with a semicolon. No spaces are required.

Synchronous

If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow WAN connections are causing Ldp commands to time out.

Run

Starts the comparison.

Extended Op

Opens a dialog box that you can use to submit an extended operation to an LDAP directory by specifying an LDAP object identifier (also known as OID) and an applicable value.

The following table describes the options in the Extended Operations dialog box.

Option Details

Oid

Type the object identifier number.

Data

Type the value of the object identifier attribute.

Controls

See Controls Option in the Options section.

Send

Submits the extended operation to AD LDS.

GetLastError

Calls the LDAP GetLastError function.

Security

Opens a dialog box that you can use to submit an extended operation to an LDAP directory by specifying an LDAP object identifier and an applicable value.

The following table describes the options in the Security Descriptor dialog box.

Option Details

Security Descriptor

Opens a dialog box that you can use to view access permissions on an object.

Replication

Opens a dialog box that you can use to submit an extended operation to an LDAP directory by specifying an LDAP object identifier and an applicable value.

The following table describes the options in the Replication Metadata dialog box.

Option Details

Replication/View Metadata

In Object DN, type the distinguished name of the object whose replication metadata you want to view.

Process Pending

Opens a dialog box that shows the list of requests that are not finished processing.

View

The following table describes the commands on the View menu.

Command Details

Tree

In BaseDN, type the distinguished name of the object to use as the base object in the navigation pane.

Enterprise Configuration

This menu option does not apply to AD LDS.

Status Bar

Shows or hides the status bar, which is located along the bottom of the LDAP window.

Options

The following sections describe the commands on the Options menu.

Search

The following table describes the options in the Search Options dialog box.

Option Details

Time limit

Type the number of milliseconds that the search can take on the server. By default, the maximum is 120 seconds.

Size limit

Type the maximum number of bytes that the search can return. Typing a null value does not place a maximum size on the data that is returned.

Timeout (s)

Type the number of seconds that Ldp waits for the LDAP server to respond to a search request.

Timeout (ms)

Type the number of milliseconds that Ldp waits for the LDAP server to respond to a search request.

Page size

Type the maximum size, in bytes, of each page of returned data.

Attributes

Specifies which attributes to return in the search. Separate multiple attributes with a semicolon. Use the wildcard character (*) to indicate all attributes.

Search Call Type

Specifies a call type to use in the search. If the search will take some time, you can click Async. so that you can perform other tasks while waiting for the search to complete.

Attributes Only

Select this check box to return only attributes of objects. The distinguished name is not returned.

Chase referrals

Performs a search for objects that are found in external LDAP directories. By default, the objects' trusts of external LDAP directories return only a referral instead of the actual object.

Display Results

Displays a detailed list of objects that are returned by the search. By default, only a success or failure and the number of objects found appear.

Sort Keys

Opens the Sort Keys dialog box. See the Sort Keys section below.

Controls

Opens the Controls dialog box.

Pending

Opens a dialog box that you can use to place filters on the list of processes that have not yet completed.

The following table describes the options in the Pending Options dialog box.

Option Details

All search results

Specifies that all search results display.

Blocking

Clear this check box to set a time limit.

Time Limit (sec):

Type a time limit in seconds.

Time Limit (millisec):

Type a time limit in milliseconds.

General

The following table describes the options in the General Options dialog box.

Option Details

Value Parsing

Specifies the display format of the LDAP data. Binary displays the LDAP information in its native numerical format. String converts the LDAP information from its native format to ASCII characters so that it is more readable when it is displayed. This is the default setting. Values that are too long to be converted are still displayed in binary form.

LDAP Version

Specifies which version of LDAP the server is using. The default is version 3.

DN processing

Converts the distinguished names, which are displayed in component parts, by extending the data types that Ldp returns when it performs a command.

Buffer Size

In Number of lines, type the number of returned lines to display per command. In Chars per line, type the number of returned characters to display per command.

Auto default NC query

Specifies that Ldp queries the default naming context when a connection to the LDAP server is made. The default naming context is the RootDSE. This setting is used when the distinguished name value in the View|Tree dialog box is left blank.

Virtual List View (VLV)

Select the "Auto VLV browse when" check box to display a virtual list view whenever the object count is greater than the value that is displayed in the "container size is greater than" box. The default value is 100.

Connection Options

Opens a dialog box that you can use to change the value of any option.

The following table describes the options in the Connection Options dialog box.

Option Details

Option Name

Type the name of the option whose value will be reset.

Value

Type the new value for the specified option.

Set

Sends the information to the LDAP directory.

Controls

In the Controls dialog box, enter information to extend the functionality of LDAP.

The Object Identifier option must be specified when you implement a control. To obtain a list of object identifiers, view the supportedControls property in the RootDSE of a domain controller.

Additional considerations

  • Only server controls can be sent to a server. Client controls work only with LDAP application programming interfaces (APIs).

  • To view a list of extended LDAP controls, see article 222560 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?linkid=4441).

Sort Keys

Sort Keys is a type of control that formats the display of search results. To format the display of your search results, in the Sort Keys dialog box, type an attribute type.

TLS

The following table describes the subcommands for the TLS command.

Option Details

StartTLS or StopTLS

Starts or stops a secure session with the LDAP server that uses Transport Layer Security (TLS).

Utilities

The following table describes the commands on the Utilities menu.

Option Details

Large Integer Converter

To convert long integers into high and low parts, type a value in the String box.

SID Lookup

To determine the domain\user that is associated with a given security ID (SID), type a SID into List of sids, and then click OK. The associated domain\user appears in the details pane.
