ADSI Edit is a Microsoft Management Console (MMC) snap-in for general administration of Active Directory Lightweight Directory Services (AD LDS). It is installed as part of the AD LDS server role. To use ADSI Edit to administer an AD LDS instance, you must first connect and bind to the instance. You can administer containers and objects in the instance by browsing to the containers or objects and then right-clicking them.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition. For more information about AD LDS groups, see Understanding AD LDS Users and Groups.

To connect and bind to an AD LDS instance using ADSI Edit
  1. Open ADSI Edit.

  2. In the console tree, click ADSI Edit.

  3. On the Action menu, click Connect to.

  4. In Select or type a domain or server: (Server | Domain[:port], type the Domain Name Service (DNS) name, NetBIOS name, or IP address of the computer on which the AD LDS instance is running, followed by a colon (:) and the Lightweight Directory Access Protocol (LDAP) communication port that the AD LDS instance to which you want to connect is using.


    If you have previously connected to the instance on this computer, the server and port might already be in the list.

  5. Under Connection point, do one of the following:

    • Click Select or type a distinguished name (DN) or naming context, and then specify the distinguished name to which you want to connect.

    • Click Select a well-known naming context, and then click Configuration, RootDSE, or Schema.

  6. To connect with an alternative account, click Advanced; click Specify Credentials; and then, under Connect using these credentials, type the domain, user name, and password of the account.

Additional considerations

  • To open ADSI Edit, on a computer with the AD LDS server role installed, click Start, click Administrative Tools, and then click ADSI Edit.

  • To create additional connections to AD LDS instances, on the Action menu, click Connect to for each new connection.

  • The default communication port for LDAP is 389.

  • To connect to an AD LDS instance running on the local computer, type localhost as the server name.

Additional references