Ldp UI
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
LDP UI
LDP Dialog Box
The LDP dialog box consists of two panes. The left navigation pane lists the base object and any child objects. The right details pane lists the results of the LDAP operations.
Connection Menu
Connection menu options:
| Option | Description |
|---|---|
Connect |
Opens a dialog box that you can use to open a session with a specified LDAP server. A connection must be established with an LDAP server before any other LDAP commands can be run. Enter the appropriate port number for the service you are connecting to. By default, LDAP uses TCP for a connection-oriented session. To use UDP for a connectionless session, select the Connectionless check box. By default, a successful connection results in the display of the RootDSE information in the details pane. |
Bind |
Opens a dialog box you can use to authenticate a specified LDAP server. Enter a user name and password of an account that has permissions to the LDAP server. If you enter an invalid user name, then you will be connected with anonymous credentials. As a shortcut, use the Bind option without using the Connect option to connect, and authenticate with the server last connected to. |
Advance |
Opens a dialog box that you can use to set options for the authentication methods. See Bind Options under the Options menu. |
Disconnect |
Terminates an open session with a specified LDAP server. Closing the LDP application automatically disconnects any open sessions. |
New |
Keeps the currently connected session, but clears the details pane. The keyboard shortcut for this action is CTRL+N. By default, the details pane is accumulative. |
Open |
Opens text files and places the information in the details pane. |
Save |
Saves changes to a previously saved file. |
Save as |
Saves the contents of the details pane to a text file. Use the Open command to view the contents of this file in the details pane later. |
Prints the details pane. |
Note
- LDP can connect to only one LDAP server at a time. If you use the Connect command while connected to a server, the current session is disconnected.
Browse Menu
Browse menu options:
Add
Opens a dialog box that you can use to add objects to Active Directory. You must enter the full distinguished name of the object, as well as all the mandatory attributes for the class of object being added.
| Option | Description |
|---|---|
DN |
Enter the full distinguished name of the new object. |
Attribute |
Enter the required or optional attribute. |
Values |
Enter the value(s) associated with the attribute. Separate multiple values for a single attribute with a semicolon. No spaces are required. |
Enter |
Adds the entered attribute and value(s) to the Entry List section of the dialog box, and clears the Attribute and Value fields. Continue entering attributes and values until all required and desired optional attributes are on the Entry List. |
Insert File |
Opens a dialog box that allows you to use a text file with the appropriate attributes and values. |
Entry List |
Displays entered attributes and values. |
Edit |
Opens a dialog box that you can use to enter changes to the selected entry from the Entry List. |
Remove |
Deletes the selected entry from the Entry List. |
Extended |
Select this check box if the object being added is part of an extended control. |
Synchronous |
If selected (the default), requires LDP to wait for a response from the destination server before continuing. If you clear this check box, LDP continues before a response is received. Clear this check box when slow WAN connections are causing LDP commands to time out. |
Run |
Adds the current attributes and values in the Entry List to Active Directory. If LDP encounters any errors, then the object is not added and the error message displays in the details pane. |
Delete |
Opens a dialog box that you can use to delete an object from Active Directory. Attributes can be deleted only if they are defined as optional and contain no values. Use the Edit command to delete an attribute's values. |
DN
| Option | Description |
|---|---|
Dn |
Enter the full distinguished name of the new object. |
Extended |
Select this check box if the object being deleted is part of an extended control. |
Synchronous |
If selected (the default), requires LDP to wait for a response from the destination server before continuing. If you clear this check box, LDP continues before a response is received. Clear this check box when slow WAN connections are causing LDP commands to time out. |
Recursive (client) |
Deletes all objects in a container, but does not delete the container. |
Modify
Opens a dialog box you can use to change attributes of an object stored in Active Directory.
| Option | Description |
|---|---|
Dn |
Enter the full distinguished name of the new object. |
Attribute |
Enter the required or optional attribute. |
Values |
Enter the value(s) associated with the attribute. Separate multiple values for a single attribute with a semicolon. No spaces are required. |
Insert Files |
Opens a dialog box that allows you to use a text file with the appropriate attributes and values. |
Enter |
Adds the entered attribute and value(s) to the Entry List section of the dialog box, and clears the Attribute and Value fields. Continue entering attributes and values until all required and desired optional attributes are on the Entry List. |
Operation Section |
Add, Delete, or Replace. Choose Add to add a new value to an existing attribute. Choose Delete to permanently remove an attribute from the listed object. Attributes containing data cannot be deleted. Also, attempting to delete required attributes results in an error. Choose Replace to replace an existing value with another, or to change listed values for an existing attribute. |
Entry List Section |
Displays existing attributes and values for an object. |
Edit |
Opens a dialog box you can use to changes the selected entry from the Entry List. |
Synchronous |
If selected (the default), requires LDP to wait for a response from the destination server before continuing. If you clear this check box, LDP continues before a response is received. Clear this check box when slow WAN connections are causing LDP commands to time out. |
Extended |
Select this check box if the object being modified is part of an extended control. |
Run |
Sends the edited values in the Entry List to Active Directory. |
Modify RDN
Opens a dialog box you can use to change the relative distinguished name of an object. This option is designed to modify leaf objects only. If you rename the container portion of the distinguished name, then the object moves to the container that is named.
| Option | Description |
|---|---|
Old DN |
Enter the current distinguished name of the object. |
New DN |
Enter the new distinguished name for the object. |
Delete Old |
If selected (the default), removes the old distinguished name from the LDAP directory. |
Synchronous |
If selected (the default), requires LDP to wait for a response from the destination server before continuing. If you clear this check box, LDP continues before a response is received. Clear this check box when slow WAN connections are causing LDP commands to time out. |
Extended rename |
Select this check box if the object being renamed is part of an extended control. |
Run |
Sends the change to Active Directory. |
Search
Opens a dialog box that you can use to create a customized search filter and to perform the search on the directory information tree. The search base must be specified as a distinguished name, and the filter must be a valid LDAP filter. Items returned from a search are separated by >> characters.
| Option | Description |
|---|---|
Base DN |
Enter a distinguished name to specify where the search starts. |
Filter |
Enter the search criteria separated by LDAP search filters. Enter attributes and values to find an object or set of objects. Note: LDAP search filters are defined in RFC 2254, and in the Knowledge Base Article Q255602 "Browsing and Querying Using the LDP Utility" at Microsoft Product Support Services. |
Scope Section |
Specifies how many levels the search encompasses. |
Base |
Searches the base object only. |
One Level |
Searches objects immediately subordinate to the base object, but does not search the base object. |
Subtree |
Searches the entire subtree, from the base object down to all child objects. |
Options Button |
Opens the Search Options dialog box. You can use it to apply filters that allow some entries and exclude others from the search, and that allow you to control the way the search is processed. See the Options menu for more details. |
Run |
Click this button to send the search request to Active Directory. |
Compare
Opens a dialog box you can use to compare the value of an attribute of an object with a specified value. The result returned is either true or false.
| Option | Description |
|---|---|
DN |
Enter the full distinguished name of the object whose value(s) will be compared. |
Attribute |
Enter attribute to be compared. |
Values |
Enter the value(s) that will be compared with the existing value in Active Directory. Separate multiple values for a single attribute with a semicolon. No spaces are required. |
Synchronous |
If selected (the default), requires LDP to wait for a response from the destination server before continuing. If you clear this check box, LDP continues before a response is received. Clear this check box when slow WAN connections are causing LDP commands to time out. |
Run |
Starts the comparison. |
Extended Op
Opens a dialog box you can use to submit an extended operation to an LDAP Directory by specifying an LDAP object identifier (OID) and an applicable value.
| Option | Description |
|---|---|
Oid |
Enter the object ID number. |
Data |
Enter the value of the object identifier (OID) attribute. |
Controls |
See Controls Option under the Options menu. |
Send |
Submits the extended operation to Active Directory. |
GetLastError
Calls the LDAP Getlasterror function.
Security
Opens a dialog box you can use to submit an extended operation to an LDAP directory by specifying an LDAP object identifier (OID) and an applicable value.
| Option | Description |
|---|---|
Security Descriptor |
Opens a dialog box you can use to view access permissions on an object. |
User Rights |
Not implemented yet. |
Replication
Opens a dialog box you can use to submit an extended operation to an LDAP directory by specifying an LDAP object identifier (OID) and an applicable value.
| Option | Description |
|---|---|
View Metadata |
Opens a dialog box you can use to view replication metadata of an object. This command is useful to identify whether the objects are up to date and replicated between domain controllers. |
Process Pending
Opens a dialog box that shows the list of requests that are not finished processing.
View Menu
The View menu options:
| Option | Description |
|---|---|
Status Bar |
Shows or hides the status bar located along the bottom of the LDAP window. |
Tree |
Opens a dialog box you can use to specify the base object in the navigation pane. You can enter a default base object in the General Options dialog box in the Auto Base DN Query field. By default, this field is blank and no object is listed in the navigation pane. |
Enterprise Configuration |
Opens the Live Enterprise Tree dialog box, which shows a graphic display of all domains and domain controllers in the enterprise. The dialog box indicates whether the domain controllers are online or offline by marking offline domain controllers with a red "X". |
Auto Refresh (min): |
Enter the number of minutes for LDP to wait before refreshing the display. |
Refresh |
Manually refreshes the display. |
Options Menu
Options menu options:
Bind Options
| Option | Description |
|---|---|
Function Type |
Specifies a category of authentication for LDP to use when choosing authentication methods. |
Generic |
Specifies to use a standard authentication protocol. |
Simple |
Specifies to use no authentication protocol and to send the password in clear text. |
Extended |
Not available. |
Method |
Selects the type of authentication that LDP uses when passing credentials. |
Synchronous |
Specifies that the authenticating server must respond immediately to requests. This option works only with simple authentication. |
Use auth. identit |
Allows the use of alternate authentication credentials. All authentication methods except simple require synchronous calls. |
Search Options
| Option | Description |
|---|---|
Time Limit |
Enter the number of milliseconds that the search can take on the server. By default the maximum is 120 seconds. |
Size Limit |
Enter the maximum number of bytes that the search can return. Entering a null value does not place a maximum size on the data returned. |
Timeout (s) |
Enter the number of seconds that LDP waits for the LDAP server to respond to a search request. |
Timeout (ms) |
Enter the number of milliseconds that LDP waits for the LDAP server to respond to a search request. |
Page Size |
Enter the maximum size, in bytes, of each page of returned data. |
Attributes |
Specifies which attributes to return in the search. Separate multiple attributes with a semicolon. Use the wildcard character (*) to indicate all attributes. |
Search Call Type |
Specifies a call type to use in the search. If the search will take some time, you can select async to allow you to perform other tasks while waiting for the search to complete. |
Attributes Only |
Select this check box to return only attributes of objects. The distinguished name is not returned. |
Chase Referrals |
Performs a search for objects found in external LDAP directories. By default, the objects' trusts of external LDAP directories return only a referral instead of the actual object. |
Display Results |
Displays a detailed list of objects returned by the search. By default, only a success or failure and the number of objects found display. |
Sort Keys |
Opens the Sort Keys Option dialog box. See Sort Keys under the Options menu. |
Controls |
Opens the Controls Option dialog box. |
Pending Options
Opens a dialog box you can use to place filters on the list of processes that have not yet completed.
| Option | Description |
|---|---|
All search results |
Specifies that all search results display. |
Blocking |
Clear this check box to set a time limit. |
Time Limit (sec): |
Enter a time limit in seconds. |
Time Limit (millisec): |
Enter a time limit milliseconds. |
General Options
Value Parsing Section
| Option | Description |
|---|---|
Binary |
Displays the LDAP information in its native numerical format. |
String |
Converts the LDAP information from its native format to ASCII characters so that it is more readable when displayed. This is the default setting. Values that are too long to be converted are still displayed in binary form. |
LDAP Version Section |
Specifies which version of LDAP the server is using. The default is version 3. |
DN Processing Section |
Converts the distinguished names, displayed in component parts, by extending the data types that LDP returns when performing a command. |
Buffer Size Section
| Option | Description |
|---|---|
Page |
Enter the number of returned lines to display per command. |
Line |
Enter the number of returned characters to display per command. |
Auto default NC query |
Specifies that LDP queries the default naming context when a connection to the LDAP server is made. The default naming context is the RootDSE. This setting is used when the distinguished name value in the View|Tree dialog box is left blank. |
Virtual List View (VLV) Section
| Option | Description |
|---|---|
Auto VLV browse when container size is greater than: |
Select this check box to display a virtual list view whenever the object count is greater than the value displayed in the field. The default value is 100. |
Connection Options
Opens a dialog box you can use to change the value of any option.
| Option | Description |
|---|---|
Option Name |
Enter the name of the option whose value will be reset. |
Value |
Enter the new value for the specified option. |
Set |
Sends the information to the LDAP directory. |
TLS Options
| Option | Description |
|---|---|
StartTLS or StopTLS |
Starts or stops a secure session with the LDAP server that uses Transport Level Security (TLS). |
Controls Option
In the Controls dialog box, enter values to extend the functionality of LDAP.
The object identifier must be specified when implementing a control. To obtain a list of object identifiers, view the supportedControls property in the RootDSE of a domain controller. Individual controls are described in the Understanding LDAP white paper on the Microsoft Web site
Note
Only server controls can be sent to a server. Client controls work only with LDAP APIs.
To view a list of extended LDAP controls, see the Knowledge Base article Q222560 "Windows 2000 Extended LDAP Controls" at Microsoft Product Support Services.
Sort Keys Option
Sort Keys is a type of control that formats the display of search results. To format the display of your search results, in the Sort Keys dialog box, enter an attribute type.
For more information find sortKeyRequestControl in the Understanding LDAP white paper on the Microsoft Web site.
Utilities Menu
Utilities menu options:
| Option | Description |
|---|---|
Large Integer Converter |
To convert long integers into high and low parts, enter a value in the String field. |
Note
- LDP can connect to only one LDAP server at a time. Using the Connect command while connected to a server disconnects the current session.
See Also
Concepts
Ldp Overview
Ldp Remarks
Ldp Examples
Alphabetical List of Tools
Search Overview
Replmon Overview
Repadmin Overview
Movetree.exe
Dsastat Overview
Clonepr Overview
ADSI Edit (adsiedit.msc)
Acldiag Overview