Share via

Active Directory Searches Tools and Settings

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Active Directory Searches Tools and Settings

In this section

  • Active Directory Searches Tools

  • Active Directory Searches Group Policy Settings

  • Active Directory Searches WMI Classes

  • Network Ports Used by Active Directory Searches

  • Related Information

This section contains information about the tools, Group Policy settings, Windows Management Instrumentation (WMI) classes, and network ports that are associated with Active Directory searches.

Note

In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to Active Directory, but the information is also applicable to AD DS.

Active Directory Searches Tools

The following tools are associated with Active Directory searches.

Adsiedit.msc: ADSI Edit

Category

This tool ships with Support Tools for Windows Server 2003.

Version Compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

  • Windows Server 2008

  • Windows Server 2008 R2

Computers running:

  • Windows XP Professional

  • Windows Vista

  • Windows 7

Domain controllers running:

  • Windows Server 2008 R2

    Windows Server 2008

    Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

  •  

ADSI Edit is a Microsoft Management Console (MMC) tool that you can use to view and modify directory objects.

To find more information about ADSI Edit, see “Support Tools Help” in Tools and Settings Collection.

Dsquery.exe: Dsquery

Category

This tool ships with Windows Server 2003.

Version Compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Dsquery to perform searches against Active Directory according to specified criteria.

To find more information about Dsquery, see “Command-Line References” in Tools and Settings Collection.

Ldp.exe: Ldp

Category

This tool ships with Support Tools for Windows Server 2003.

Version Compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

Ldp is a Lightweight Directory Access Protocol (LDAP) graphical user interface (GUI) tool that you can use to perform operations, such as connect, bind, search, modify, add, and delete, against any LDAP-compatible directory, such as Active Directory.

To find more information about Ldp, see “Support Tools Help” in Tools and Settings Collection.

Ntdsutil.exe: Ntdsutil

Category

This tool ships with Windows Server 2003.

Version Compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

You can use Ntdsutil to perform Active Directory database maintenance, manage and control single master operations, and remove metadata left behind by domain controllers that are removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators.

To find more information about Ntdsutil, see “Command-Line References” in Tools and Settings Collection.

Active Directory Searches Group Policy Settings

The following table lists and describes the Group Policy settings that are associated with Active Directory searches.

Group Policy Settings Associated with Active Directory Searches

Group Policy Setting Description

Maximum size of Active Directory searches

Specifies the maximum number of objects that the system displays in response to a command to browse or search Active Directory.

This policy affects all browse displays that are associated with Active Directory, such as those displays in Local Users and Groups, Active Directory Users and Computers, and dialog boxes that are used to set permissions for user or group objects in Active Directory.

If you enable this policy, you can use it to limit the number of objects that are returned from an Active Directory search.

If you disable this policy or if you do not configure it, the system displays up to 10,000 objects.

Enable filter in Find dialog box

Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.

If you enable this policy, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.

Hide Active Directory folder

Hides the Active Directory folder in My Network Places.

The Active Directory folder displays Active Directory objects in a browse window.

If you enable this policy, the Active Directory folder does not appear in the My Network Places folder.

If you disable this policy or if you do not configure it, the Active Directory folder appears in the My Network Places folder.

To find more information about Group Policy settings, see the “Group Policy Settings Reference” in Tools and Settings Collection.

Active Directory Searches WMI Classes

The following table lists and describes the WMI classes that are associated with Active Directory searches.

WMI Classes Associated with Active Directory Searches

Class Name Namespace Version Compatibility

rootDSE

root\directory\LDAP

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

DS_LDAP_Class_Containment

root\directory\LDAP

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

DS_LDAP_Instance_Containment

root\directory\LDAP

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

For more information about these WMI classes, search for “Mapping Active Directory to WMI” in the WMI SDK documentation on MSDN.

Network Ports Used by Active Directory Searches

The network ports that are used by Active Directory searches are listed in the following table.

Port Assignments for Active Directory Searches

Service Name UDP TCP

LDAP

None

389

LDAP SSL

None

636

Global Catalog LDAP

None

3268

Global Catalog LDAP SSL

None

3269

The following resources contain additional information that is relevant to this section:

  • “Support Tools Help” in Tools and Settings Collection for information about ADSI Edit and Ldp

  • “Command-Line References” in Tools and Settings Collection for information about Dsquery and Ntdsutil

  • “Group Policy Settings Reference” in Tools and Settings Collection for more information about Group Policy settings for Active Directory searches

  • Microsoft Platform SDK on MSDN for more information about WMI classes for Active Directory searches (in “Mapping Active Directory to WMI”)