Home » 
Applicable For Endpoint Central MSP 
 
 
On-PremisesCloud

Windows LDP Tool Analysis

The Windows LDP tool is a graphical user interface (GUI) tool used to perform Lightweight Directory Access Protocol (LDAP) operations against Active Directory. LDP provides a way to perform various LDAP operations such as search, modify, add, delete, and compare entries within an LDAP directory. It allows administrators to interact with the directory service visually, making it easier to manage objects and attributes within the directory.

Basic LDP Tool Analysis

  • Download the LDAP tool from here.
  • Place the LDP tool on either the Endpoint Central Server machine (for On-premise) or the AD connector DS machine (for Cloud). Run the LDP.exe tool with administrative privileges.
  • In the tool, navigate to Connection -> Connect.

    • ldp1

  • Provide the domain controller name, and click OK to connect to the domain. In case of LDAP SSL, enable the SSL option, enter the port number and click OK.

    • ldp2

  • Go to Connection -> Bind, choose Bind with credentials. The Username, password, and Domain Name should be of that used for this domain in Endpoint Central. Click OK.

    • ldp3

  • Go to View -> Tree and provide Distinguished name of the Domain (for ex: DC=DUMMY,DC=TEST,DC=COM)

    • ldp4

  • Expand the Domain hive on the left side to see the Containers and OUs hive. Confirm that the required objects are retrievable by expanding the hive.

LDP Tool Analysis for Specific Filters

For example, when searching for users within the domain, we can utilize the filter "(&(objectCategory=person)(objectClass=user))" to retrieve users that belong to the base DN. After the connection is made and objects can be retrieved, follow the steps below:

  • Go to Options -> Search and uncheck the "Display Results" option and click OK.

    • ldp5

  • Go to Browser -> Search and provide the Base DN. For example, "DC=dummy,DC=test,DC=com", if AD domain name is dummy.test.com.
  • Provide the filter [ For eg. "(&(objectCategory=person)(objectClass=user))" ] and click on Run. The number of objects retrieved by the filter will be displayed.

    • ldp6

LDP Tool Analysis to Check Whether Deleted Objects Can be Retrieved

After the connection is made and objects can be retrieved, follow the steps below:

  • In the Options menu, select Controls. In the Controls dialog box, open the Load Predefined drop-down list, select "Return deleted objects" and click OK.

    • ldp7

  • Minimize and expand the forest root domain in the console tree to refresh the data. Double-click the "CN=Deleted Objects,DC=Dummy,DC=local" node, where DC=Dummy,DC=local is the distinguished name of your forest root domain. Check whether the deleted objects are retrieved in the given forest root. If there is no access, no objects will be displayed.
Was this article helpful?

Thank you for your feedback!

Sorry about that!

By clicking "Submit", you agree to processing of personal data according to thePrivacy Policy.
Back to Top