Ldp
Applies To: Windows Server 2008
The Ldp dialog box consists of two panes: the console tree and the details pane. The console tree lists the base object and any child objects. The details pane lists the results of the Lightweight Directory Access Protocol (LDAP) operations. To start Ldp, click Start, right-click Command Prompt, click Run as administrator, type ldp at the command prompt, and then press ENTER.
The following sections describe the commands on the Ldp menus:
Connection
Browse
View
Options
Utilities
Connection
The following table describes the commands on the Connection menu.
Command | Details |
---|---|
Connect | Opens a dialog box that you can use to open a session with a specified LDAP server. A connection must be established with an LDAP server before any other LDAP commands can be run. Type the appropriate port number for the service that you are connecting to. By default, LDAP uses TCP for a connection-oriented session. To use User Datagram Protocol (UDP) for a connectionless session, select the Connectionless check box. By default, a successful connection results in the appearance of RootDSE information in the details pane. |
Bind | Opens a dialog box that you can use to authenticate to a specified LDAP server. Type a user name and password of an account that has permissions to the LDAP server. If you do a simple bind with an empty password, you will be connected with anonymous credentials. As a shortcut, use the Bind command without using the Connect command to connect, and then authenticate with the server that you last connected to. Click Advanced on the Bind dialog box to open the Bind Options dialog box and configure authentication method options. The following are the options in the Bind Options dialog box. |
Disconnect | Terminates an open session with a specified LDAP server. Closing Ldp automatically disconnects any open sessions. |
New | Keeps the currently connected session, but clears the details pane. The keyboard shortcut for this action is CTRL+N. |
Save | Saves changes to a previously saved file. |
Save as | Saves the contents of the details pane to a text file. Use the Open command to view the contents of this file in the details pane later. |
Print | Prints the contents of the details pane. |
Browse
The following sections describe the commands on the Browse menu.
Add Child
Opens a dialog box that you can use to add objects to Active Directory Lightweight Directory Services (AD LDS). You must enter the full distinguished name of the object, as well as all the mandatory attributes for the class of object that you are adding.
The following table describes the options in the Add dialog box.
Option | Details |
---|---|
Dn | Type the full distinguished name of the new object. |
Attribute | Type the required or optional attribute. |
Values | Type the values that are associated with the attribute. Separate multiple values for a single attribute with a semicolon. No spaces are required. |
Enter | Adds the entered attribute and values to the Entry List box, and clears the Attribute and Values boxes. Continue entering attributes and values until all required and desired optional attributes are in the Entry List box. |
Insert file | Opens a dialog box that you can use to open a text file with the appropriate attributes and values. |
Entry List | Displays the attributes and values that you enter. |
Edit | Opens a dialog box that you can use to enter changes to the selected entry in the Entry List box. |
Remove | Deletes the selected entry from the Entry List box. |
Extended | Select this check box if the object that you are adding is part of an extended control. |
Synchronous | If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow wide area network (WAN) connections are causing Ldp commands to time out. |
Run | Adds the current attributes and values in the Entry List to AD LDS. If Ldp encounters any errors, the object is not added and an error message appears in the details pane. |
Delete
This command opens a dialog box that you can use to delete an object from AD LDS. Attributes can be deleted only if they are defined as optional and if they contain no values. To delete an attribute's values, on the Browse menu in the Add dialog box, click Edit.
Option | Details |
---|---|
DN | Type the full distinguished name of the new object. |
Extended | Select this check box if the object being modified is part of an extended control. |
Synchronous | If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow WAN connections are causing Ldp commands to time out. |
Recursive (client) | Deletes all objects in a container, but does not delete the container. |
Modify
This command opens a dialog box that you can use to change the attributes of an object that is stored in AD LDS.
The following table describes the options in the Modify dialog box.
Option | Details |
---|---|
Dn | Type the full distinguished name of the new object. |
Attribute | Type the required or optional attribute. |
Values | Type the values that are associated with the attribute. Separate multiple values for a single attribute with a semicolon. No spaces are required. |
Insert file | Opens a dialog box that you can use to open a text file with the appropriate attributes and values. |
Enter | Adds the entered attribute and values to the Entry List section of the dialog box, and clears the Attribute and Values fields. Continue entering attributes and values until all required and desired optional attributes are in the Entry List box. |
Operation | Add, Delete, or Replace. To add a new value to an existing attribute, click Add. To permanently remove an attribute from the listed object, click Delete. Attributes that contain data cannot be deleted. Also, attempting to delete required attributes results in an error. To replace an existing value with another or to change listed values for an existing attribute, click Replace. |
Entry List | Displays the existing attributes and values for an object. |
Edit | Opens a dialog box that you can use to make changes to the selected entry in the Entry List box. |
Synchronous | If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow WAN connections are causing Ldp commands to time out. |
Extended | Select this check box if the object being modified is part of an extended control. |
Run | Sends the edited values in the Entry List box to AD LDS. |
Modify DN
Opens a dialog box that you can use to change the relative distinguished name of an object. This option is designed to modify leaf objects only. If you rename the container portion of the distinguished name, the object moves to the container that is named.
The following table describes the options in the Modify RDN dialog box.
Option | Details |
---|---|
Old Dn | Type the current distinguished name of the object. |
New Dn | Type the new distinguished name for the object. |
Delete Old | If this check box is selected (which is the default), the old distinguished name is removed from the LDAP directory. |
Synchronous | If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow WAN connections are causing Ldp commands to time out. |
Extended rename | Select this check box if the object being renamed is part of an extended control. |
Run | Sends the change to AD LDS. |
Search
Opens a dialog box that you can use to create a customized search filter and to perform the search on the directory information tree. The search base must be specified as a distinguished name, and the filter must be a valid LDAP filter. Items that are returned from a search are separated by >> characters.
The following table describes the options in the Search dialog box.
Option | Details |
---|---|
Base Dn | Type a distinguished name to specify where the search starts. |
Filter | Type the search criteria, separated by LDAP search filters. Type attributes and values to find an object or set of objects. Note that LDAP search filters are defined in RFC 2254 and in the article 255602 at the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?linkid=4441). |
Scope | Specifies how many levels the search encompasses. |
Base | Searches the base object only. |
One Level | Searches objects immediately subordinate to the base object, but does not search the base object. |
Subtree | Searches the entire subtree, from the base object down to all child objects. |
Options | Opens the Search Options dialog box. You can use these options to apply filters that allow some entries and exclude others from the search and that allow you to control the way the search is processed. |
Run | Sends the search request to AD LDS. |
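
Because the Filter box must contain a valid LDAP filter, it helps to check a filter string, and to escape any literal value placed in it, before running the search. The following Python code is an added example, not part of the original documentation or of Ldp: it parses the RFC 2254 string form (attribute descriptions are checked only loosely) and escapes the characters that RFC 2254 reserves. The function names and the sample value are assumptions made for illustration.

```python
import re

# Characters RFC 2254 requires to be written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
# attribute description (loosely checked), filter type, then the raw value
_ITEM = re.compile(r"([A-Za-z0-9][A-Za-z0-9.;:-]*)(~=|>=|<=|=)(.*)", re.S)
# a value is any run of unescaped characters or \XX hex escapes
_VALUE = re.compile(r"(?:[^\\()\0]|\\[0-9A-Fa-f]{2})*")


def escape_value(text):
    """Escape literal text so it can be used as a filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def parse_filter(text):
    """Return the filter as a nested tuple tree, or raise ValueError."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing characters at offset {pos}")
    return node


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        # composite filter: one operator followed by one or more sub-filters
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"wrong number of operands for '{op}'")
        node = (op, children)
    else:
        # simple item: runs up to the next parenthesis, which must close it
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        m = _ITEM.fullmatch(s[i:end])
        if not m or not _VALUE.fullmatch(m.group(3)):
            raise ValueError(f"malformed item at offset {i}")
        node = (m.group(2), m.group(1), m.group(3))
        i = end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1


if __name__ == "__main__":
    name = "Smith (Ops)*"  # constructed sample value with filter metacharacters
    print(parse_filter(f"(&(objectClass=user)(cn={escape_value(name)}))"))
```

Without `escape_value`, the same sample value yields `(cn=Smith (Ops)*)`, which `parse_filter` rejects because the literal parenthesis ends the item early.
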
Compare
Opens a dialog box that you can use to compare the value of an attribute of an object with a specified value. The result returned is either true or false.
The following table describes options in the Compare dialog box.
Option | Details |
---|---|
Dn | Type the full distinguished name of the object whose values will be compared. |
Attribute | Type the attribute to be compared. |
Value | Type the value that will be compared with the existing value in AD LDS. Separate multiple values for a single attribute with a semicolon. No spaces are required. |
Synchronous | If this check box is selected (which is the default), Ldp is required to wait for a response from the destination server before continuing. If you clear this check box, Ldp continues before a response is received. Clear this check box when slow WAN connections are causing Ldp commands to time out. |
Run | Starts the comparison. |
Extended Op
Opens a dialog box that you can use to submit an extended operation to an LDAP directory by specifying an LDAP object identifier (also known as OID) and an applicable value.
The following table describes the options in the Extended Operations dialog box.
Option | Details |
---|---|
Oid | Type the object identifier number. |
Data | Type the value of the object identifier attribute. |
Controls | See Controls Option in the Options section. |
Send | Submits the extended operation to AD LDS. |
GetLastError
Calls the LDAP GetLastError function.
Security
Opens a dialog box that you can use to submit an extended operation to an LDAP directory by specifying an LDAP object identifier and an applicable value.
The following table describes the options in the Security Descriptor dialog box.
Option | Details |
---|---|
Security Descriptor | Opens a dialog box that you can use to view access permissions on an object. |
Replication
Opens a dialog box that you can use to submit an extended operation to an LDAP directory by specifying an LDAP object identifier and an applicable value.
The following table describes the options in the Replication Metadata dialog box.
Option | Details |
---|---|
Replication/View Metadata | In Object DN, type the distinguished name of the object whose replication metadata you want to view. |
Process Pending
Opens a dialog box that shows the list of requests that are not finished processing.
View
The following table describes the commands on the View menu.
Command | Details |
---|---|
Tree | In BaseDN, type the distinguished name of the object to use as the base object in the navigation pane. |
Enterprise Configuration | This menu option does not apply to AD LDS. |
Status Bar | Shows or hides the status bar, which is located along the bottom of the LDAP window. |
Options
The following sections describe the commands on the Options menu.
Search
The following table describes the options in the Search Options dialog box.
Option | Details |
---|---|
Time limit | Type the number of milliseconds that the search can take on the server. By default, the maximum is 120 seconds. |
Size limit | Type the maximum number of bytes that the search can return. Typing a null value does not place a maximum size on the data that is returned. |
Timeout (s) | Type the number of seconds that Ldp waits for the LDAP server to respond to a search request. |
Timeout (ms) | Type the number of milliseconds that Ldp waits for the LDAP server to respond to a search request. |
Page size | Type the maximum size, in bytes, of each page of returned data. |
Attributes | Specifies which attributes to return in the search. Separate multiple attributes with a semicolon. Use the wildcard character (*) to indicate all attributes. |
Search Call Type | Specifies a call type to use in the search. If the search will take some time, you can click Async. so that you can perform other tasks while waiting for the search to complete. |
Attributes Only | Select this check box to return only attributes of objects. The distinguished name is not returned. |
Chase referrals | Performs a search for objects that are found in external LDAP directories. By default, the objects' trusts of external LDAP directories return only a referral instead of the actual object. |
Display Results | Displays a detailed list of objects that are returned by the search. By default, only a success or failure and the number of objects found appear. |
Sort Keys | Opens the Sort Keys dialog box. See the Sort Keys section below. |
Controls | Opens the Controls dialog box. |
Pending
Opens a dialog box that you can use to place filters on the list of processes that have not yet completed.
The following table describes the options in the Pending Options dialog box.
Option | Details |
---|---|
All search results | Specifies that all search results display. |
Blocking | Clear this check box to set a time limit. |
Time Limit (sec): | Type a time limit in seconds. |
Time Limit (millisec): | Type a time limit in milliseconds. |
General
The following table describes the options in the General Options dialog box.
Option | Details |
---|---|
Value Parsing | Specifies the display format of the LDAP data. Binary displays the LDAP information in its native numerical format. String converts the LDAP information from its native format to ASCII characters so that it is more readable when it is displayed. This is the default setting. Values that are too long to be converted are still displayed in binary form. |
LDAP Version | Specifies which version of LDAP the server is using. The default is version 3. |
DN processing | Converts the distinguished names, which are displayed in component parts, by extending the data types that Ldp returns when it performs a command. |
Buffer Size | In Number of lines, type the number of returned lines to display per command. In Chars per line, type the number of returned characters to display per command. |
Auto default NC query | Specifies that Ldp queries the default naming context when a connection to the LDAP server is made. The default naming context is the RootDSE. This setting is used when the distinguished name value in the View\|Tree dialog box is left blank. |
Virtual List View (VLV) | Select the Auto VLV browse when check box to display a virtual list view whenever the object count is greater than the value that is displayed in the container size is greater than box. The default value is 100. |
Connection Options
Opens a dialog box that you can use to change the value of any option.
The following table describes the options in the Connection Options dialog box.
Option | Details |
---|---|
Option Name | Type the name of the option whose value will be reset. |
Value | Type the new value for the specified option. |
Set | Sends the information to the LDAP directory. |
Controls
In the Controls dialog box, enter information to extend the functionality of LDAP.
The Object Identifier option must be specified when you implement a control. To obtain a list of object identifiers, view the supportedControls property in the RootDSE of a domain controller.
Additional considerations
Only server controls can be sent to a server. Client controls work only with LDAP application programming interfaces (APIs).
To view a list of extended LDAP controls, see article 222560 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?linkid=4441).
Sort Keys
Sort Keys is a type of control that formats the display of search results. To format the display of your search results, in the Sort Keys dialog box, type an attribute type.
TLS
The following table describes the subcommands for the TLS command.
Option | Details |
---|---|
StartTLS or StopTLS | Starts or stops a secure session with the LDAP server that uses Transport Layer Security (TLS). |
Utilities
The following table describes the commands on the Utilities menu.
Option | Details |
---|---|
Large Integer Converter | To convert long integers into high and low parts, type a value in the String box. |
SID Lookup | To determine the domain\user that is associated with a given security ID (SID), type a SID into List of sids, and then click OK. The associated domain\user appears in the details pane. |
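
The conversions behind the two Utilities commands can also be done offline when reviewing exported directory data. This Python code is an added example and is not Ldp's own code: it splits a large integer using the Windows LARGE_INTEGER layout (signed high part, unsigned low part), reads the value as a FILETIME timestamp (a step beyond what the table describes), and decodes a binary SID into its S-1-... string form. The function names and sample values are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def split_large_integer(text):
    """Split a signed 64-bit decimal string into (high, low) 32-bit parts."""
    value = int(text)
    if not -(1 << 63) <= value < (1 << 63):
        raise ValueError("value does not fit in 64 bits")
    # LARGE_INTEGER layout: signed high part, unsigned low part
    return value >> 32, value & 0xFFFFFFFF


def join_large_integer(high, low):
    """Inverse of split_large_integer."""
    return (high << 32) | low


def filetime_to_datetime(value):
    """Interpret a large integer as 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def sid_to_string(raw):
    """Decode a binary SID into the S-<revision>-<authority>-<subs> form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or oversized SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])     # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])


if __name__ == "__main__":
    stamp = "132223104000000000"   # constructed sample: 2020-01-01 00:00 UTC
    high, low = split_large_integer(stamp)
    print(high, low, filetime_to_datetime(join_large_integer(high, low)))
    # constructed sample: binary form of the well-known SID S-1-5-32-544
    print(sid_to_string(bytes.fromhex("01020000000000052000000020020000")))
```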