Manage an AD LDS Instance Using Ldp.exe

  • Article

Applies To: Windows Server 2008

Ldp.exe is a graphical user interface (GUI) tool that can be used for general administration of a Lightweight Directory Access Protocol (LDAP) directory service. You can use this procedure and Ldp.exe to administer an Active Directory Lightweight Directory Services (AD LDS) instance. You must connect and bind to the instance and then display the hierarchy (tree) of a distinguished name of the instance. You can then browse to an object in the tree and right-click the object to administer it.

Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To manage an AD LDS instance by using Ldp.exe

  1. Click Start, and then click Server Manager.

  2. In the console tree, double-click Roles, and then click Active Directory Lightweight Directory Services.

  3. In the details pane, under the Advanced Tools, click Ldp.exe.

  4. On the Connection menu, click Connect.

  5. In Server, type the Domain Name System (DNS) name, NetBIOS name, or IP address of the computer on which the AD LDS instance is running.

  6. In Port, type the LDAP or Secure Sockets Layer (SSL) communication port number that the AD LDS instance to which you want to connect is using, and then click OK.

  7. On the Connection menu, click Bind.

  8. Do one of the following:

    • To bind by using the credentials that you logged on with, click Bind as currently logged on user.

    • To bind by using a domain user account, click Bind with credentials; type the user name, password, and domain name (or the computer name, if you are using a local workstation account) of the account that you are using; and then click OK.

    • To bind by using just a user name and password, click Simple bind, type the user name and password of the account that you are using, and then click OK.

    • To bind by using an advanced method (NTLM, Distributed Password Authentication (DPA), negotiate, or digest), click Advanced (method), click Advanced, in Method select the desired method, set other options as needed, and then click OK.

  9. When you are finished specifying the bind options, click OK.

  10. On the View menu, click Tree.

  11. In the Tree View dialog box, do one of the following:

    • To view all directory partitions on the AD LDS instance, click OK.

    • To view only a specific directory partition on the AD LDS instance, type the distinguished name of the directory partition in BaseDN, and then click OK.

  12. In the console tree, double-click a directory partition object to view its top-level containers.

  13. Double-click a top-level container to view the next level of objects in that container.

  14. Do one of the following:

    • Continue to double-click the next lowest container level to continue to move down a directory tree branch.

    • To view a directory object at the current directory level, double-click the object in the console tree, and then, in the details pane, view object details.

  15. To close Ldp.exe, on the Connection menu, click Exit.

Additional Considerations

  • The default communication port for LDAP is 389. The default communication port for SSL is 636.

  • To connect to an AD LDS instance that is running on the local computer, type localhost as the server name.

Note

For detailed instructions for connecting to an AD LDS instance that has the SSL option enabled by using Ldp.exe, see Appendix A: Configuring LDAP over SSL Requirements for AD LDS.