Active Directory Application Mode Tools and Settings
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2012, Windows Server 2012 R2
In this section
ADAM Tools
ADAM Registry Entries
ADAM WMI Classes
Network Ports Used by ADAM
This section contains information about the tools, registry entries, Windows Management Instrumentation (WMI) classes, and network ports that are associated with Active Directory Application Mode (ADAM).
ADAM Tools
The following tools are associated with ADAM.
Note
Some ADAM tools are updated versions of tools that are provided with Active Directory. When you administer ADAM with the tools that are described in this section, you should always use the version of the tool that ships with ADAM. By default, these tools can be found in the windir\ADAM directory on the computer on which ADAM is installed.
For more information about the tools in this section, see the ADAM Administrator’s Guide. To view the ADAM Administrator’s Guide, after you install ADAM click Start, point to All Programs, point to ADAM, and then click ADAM Help.
ADAM-adsiedit.msc: ADAM ADSI Edit
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
ADAM ADSI Edit is a Microsoft Management Console (MMC) snap-in tool that you can use to view and modify directory objects.
ADAMsetup: ADAM Setup
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Runs locally. |
ADAM Setup performs an unattended installation of ADAM using a preconfigured setup script file.
ADAMuninstall: ADAM Uninstall
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
|
Runs locally. |
ADAM Uninstall uninstalls an ADAM instance.
Csvde.exe: Csvde
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
You can use Csvde to import and export data from Active Directory using files that store data in the comma-separated value (CSV) file format standard. Csvde also supports batch operations that are based on the CSV file format.
To find more information about Csvde, see “Command-Line References” in Tools and Settings Collection.
Dsacls: Dsacls
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
Dsacls displays and changes permissions (access control entries (ACEs)) in the access control list (ACL) of ADAM objects.
The ACEs that you add by using Dsacls must be object-specific permissions that override the default partition permissions that are defined in the ADAM schema. Do not add ACEs unless you are well informed about security for ADAM objects.
If you specify an object without additional parameters, Dsacls displays the ACEs in the ACL.
Dsdbutil: Dsdbutil
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
|
Runs locally. |
Dsdbutil provides management facilities for ADAM. This tool is intended for use by experienced administrators.
Note
- Some Dsdbutil commands can be used only against ADAM instances that are not currently running.
Dsdiag: Dsdiag
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
Dsdiag analyzes the state of the ADAM directory service and reports any problems to assist in troubleshooting. Dsdiag provides detailed information about how to identify abnormal behavior in the system.
Dsdiag consists of a framework for running tests and a series of tests to verify different functional areas of the system. This framework selects which directory services are tested, according to scope directives from the user.
Dsmgmt: Dsmgmt
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
Dsmgmt provides management facilities for ADAM, including partition management and Lightweight Directory Access Protocol (LDAP) policies.
Ldifde.exe: Ldifde
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
You can use Ldifde to create, modify, and delete directory objects. You can also use Ldifde to extend the schema, export ADAM user and group information to other applications or services, and populate ADAM with data from other directory services.
Ldp.exe: Ldp
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Computers running an LDAP directory service, such as ADAM |
Ldp is an LDAP graphical user interface (GUI) tool that you can use to perform operations such as connect, bind, search, modify, add, and delete against any LDAP-compatible directory, such as ADAM. You can also use Ldp to view objects, along with their metadata, that are stored in ADAM (for example, security descriptors and replication metadata).
You can use the online dbdump feature in Ldp to view values that are stored in the database while the domain controller is running. You can trigger dbdump by modifying the dumpDatabase attribute on the rootDSE.
Repadmin: Repadmin
Category
This tool ships with ADAM.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers and servers running:
Computers running:
|
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
Repadmin performs tasks that are related to replication, including managing and modifying replication topology, forcing replication events, and displaying replication metadata and up-to-dateness vectors.
ADAM Registry Entries
The following registry entries are associated with ADAM.
The registry entries under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Diagnostics control the logging level for the component or process that is specified in the entry name. The value for each entry is set to an integer from and including 0 (no logging) through 5 (most verbose logging).
The registry entries under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters control or contain information about the configuration of an ADAM instance.
The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Diagnostics
The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Diagnostics.
6 Garbage Collection
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are generated when objects that are marked for deletion are actually deleted.
7 Internal Configuration
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of internal operations.
8 Directory Access
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of read and write operations to directory objects from all sources.
9 Internal Processing
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are related to internal directory service operations.
11 Initialization/Termination
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are generated by starting and stopping ADAM.
12 Service Control
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of ADAM service events.
13 Name Resolution
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are generated by the resolution of addresses and ADAM names.
14 Backup
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are related to backing up ADAM. Specifically, controls the logging of events that occur when Extensible Storage Engine (ESE) database records are read or written during backup.
16 LDAP Interface Events
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are related to LDAP.
22 DS RPC Client
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are related to communication between ADAM instances. Examples of logged events include remote procedure call (RPC) errors, canceled calls, and service principal name (SPN)–related operations.
23 DS RPC Server
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are related to an ADAM instance acting as an RPC server. An ADAM instance acts as an RPC server, for example, during outbound replication and replication setup operations.
24 DS Schema
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM**_**instancename\Diagnostics
Version
Computers running ADAM.
Controls the logging of events that are related to schema errors and operations. Such errors and operations include schema additions, deletions, modifications, look-up errors, look-up failures, and caching errors.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
BinPath
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the path to the program files for the ADAM instance.
CommonBinPath
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the path to the ADAM program files that are shared by all ADAM instances running on a given computer.
Configuration NC
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the distinguished name of the configuration directory partition.
Database Backup Path
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Determines the directory that is used as the target directory when online backups of the directory database are performed.
Database Log Files Path
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Determines the directory path that is used to store ADAM log files.
Database Logging/Recovery
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Controls a Microsoft Jet database engine parameter called JET_paramRecovery that determines whether database operations are logged.
DS Drive Mappings
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Tracks local drive mapping names so that the database file can be located if drive mappings are modified.
DSA Database File
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Determines the file that is used by the ADAM instance for storing objects.
DSA Working Directory
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Specifies the working directory of the ADAM instance.
Long Instance Name
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the instance name of the ADAM instance.
Machine DN Name
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the distinguished name of the computer on which ADAM is running.
Port LDAP
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the port number that is currently being used for LDAP.
Port SSL
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the port number that is currently being used for Secure Sockets Layer (SSL).
Schema Version
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the ADAM schema version for which a particular operating system is configured.
Service Account SID
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the security ID (SID) of the account that is being used as the service account for the ADAM instance.
System Schema Version
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Parameters
Version
Computers running ADAM.
Contains the version of the ADAM schema at the time that a backup is taken. This value is used to prevent an incompatible schema version from being restored from backup.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instancename\Diagnostics
The following registry entry is located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
Backup Latency Threshold (Days)
Registry path
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Version
Windows Server 2003 with Service Pack 1 (SP1)
Default value
Half the value of the tombstone lifetime of the forest.
When the value is reached, logs event ID 2089 in the Directory Service event log, warning administrators and monitoring applications to make sure that domain controllers are backed up before the tombstone lifetime expires.
ADAM WMI Classes
The following table lists and describes the WMI classes that are associated with ADAM.
WMI Classes Associated with ADAM
| Class Name | Namespace | Version Compatibility |
|---|---|---|
rootDSE |
root\directory\LDAP |
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
DS_LDAP_Class_Containment |
root\directory\LDAP |
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
DS_LDAP_Instance_Containment |
root\directory\LDAP |
Domain controllers and servers running ADAM:
Computers running ADAM: Windows XP Professional |
For more information about these WMI classes, search for “Mapping Active Directory to WMI” in the WMI SDK documentation on MSDN.
Network Ports Used by ADAM
The network ports that are used by the data store are listed in the following table.
Port Assignments for the Data Store
| Service Name | UDP | TCP |
|---|---|---|
LDAP |
None |
389 |
LDAP SSL |
None |
636 |
RPC Endpoint Mapper |
135 |
135 |