Ldp.exe: LDP Tool Options

codeling 1264 - 5430
@2016-12-30 22:41:58

Ldp.exe is a Lightweight Directory Access Protocol (LDAP) client that allows users to perform operations (such as connect, bind, search, modify, add, delete) against any LDAP-compatible directory, such as Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata.

codeling 1264 - 5430
@2016-12-30 22:45:57

Connecting to the Directory

If you click Connect on the Connections menu, a dialog box is displayed in which you can type a directory server name. If you click OK without specifying a server, LDP connects you to the last server that you accessed, or your logon server (LOGONSERVER). To determine your logon server, type SET at a command prompt.

After you connect, the directory sends "RootDSE" information about itself. The following is a truncated example of RootDSE information:

ld = ldap_open("win2000-dc-01", 389);
Established connection to win2000-dc-01.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs: 
Getting 1 entries:
>> Dn: 
	1> currentTime: 2/24/2000 20:30:12 Pacific Standard Time Pacific Daylight Time; 
	3> namingContexts: DC=redmond,DC=wa,DC=microsoft,DC=com; 
	1> defaultNamingContext: DC=redmond,DC=wa,DC=microsoft,DC=com; 
	1> rootDomainNamingContext: DC=corp,DC=microsoft,DC=com; 
	2> supportedLDAPVersion: 3; 2; 
	1> dnsHostName: WIN2000-DC-01.redmond.wa.microsoft.com;

RootDSE information provides the information that you need to begin to browse the directory. Pay special attention to the defaultNamingContext entry.

codeling 1264 - 5430
@2016-12-30 22:46:39

Binding to the Directory

If you click Bind on the Connections menu, you can authenticate yourself to the directory. When you connect to the directory you establish communication, but you have not presented any authenticating credentials. Most directories provide very limited access to their information until you authenticate yourself by using the Bind option on the Connections menu.

After you bind to the directory, the information that is displayed is dependent on the permissions that are assigned to your user account. Parts of the directory tree and attributes of specific objects to which you are denied access are not displayed. Do not assume that because you cannot see an object or attribute, the object or attribute does not exist.

An LDAP directory is organized in a hierarchy that is similar to the hierarchy of folders in a file system. The following entry is similar to a file system path:


If this were a file system path, it might be written as the following:


Containers and objects in a directory are of specific types. Among the most commonly used types are the DC (Domain Component or Directory Context), CN (Common Name), and OU (Organizational Unit) types. You must correctly identify the type when you refer to a container or object in an LDAP query.

codeling 1264 - 5430
@2016-12-30 22:52:44

Viewing the Directory Tree Structure

On the View menu, click Tree. You are prompted to supply a base Distinguished Name (DN). If the Auto Base DN Query option is enabled, click OK to connect to the defaultNamingContext as your relative tree root. You can also type a base DN, or copy and paste one from the RootDSE information.

The directory tree is displayed in the left pane of the LDP utility, and you can expand the directory tree to look at subcontainers and objects. When you double-click an object in the directory tree, the attribute information is displayed in the results pane on the right. Results are formatted differently depending on whether the Value Parsing option is set to String or Binary. (To set the Value Parsing option, click General in the Options dialog box, and then change the Value Parsing option.) To browse most attributes, the String setting provides more readable formatting. With string formatting, some attributes may be displayed as the following:

ldp: Binary blob

If you need to see the actual data for these attributes, switch to binary value parsing.

Older results scroll out of the results buffer to make room for new information. Under Buffer Size, increase the Page value to retain more information. (To change the Buffer Size option, click General in the Options dialog box, and then under Buffer Size, change the Page value as necessary.) You can save the current results as plain text by clicking Connections, and then clicking Save As.

You can clear your search results buffer by clicking Connections, and then clicking New. This does not unbind you from your current server.

Users browsing this topic