How can the LDAP Utility (LDP.exe) be used to troubleshoot connectivity and permission issues? (4349160)

During a migration, errors or information messages occur where LDAP is mentioned. How can the LDAP utility (LDP.exe) be used to troubleshoot connectivity and permission issues?

LDP.exe is part of Windows 2000 and later Support Tools. It is also included in Windows XP Service Pack 2 Support Tools.

To start using LDP.EXE:

1. Click Start | Run and type LDP, then click OK.

2. Click Connection, then click Connect.

3. Type the server name and select the port (389).

4. Click Connection, then click Bind.

Quest Products typically use LDAP Simple Binds to connect to Active Directory and Exchange.

Simple Bind Syntax for Active Directory:

file | bind - use the following syntax for a user with the domain checkbox unchecked. Example: cn=administrator,cn=users,dc=domainname,dc=com (Any valid user)
- Enter the Password

LDP screen will output the following:

res = ldap_simple_bind_s(ld, 'cn=username, dc=domain-name, cn=admin', <unavailable>); // v.3
Authenticated as dn:'cn=cn=administrator,cn=users,dc=domainname,dc=com'.



Simple Bind Syntax For 5.5:
- file | bind - use the following syntax for user with the domain checkbox unchecked. - Example: cn=username, dc=domain-name, cn=admin (Any valid user)
- Enter the password

LDP screen will output the following:
res = ldap_simple_bind_s(ld, 'cn=username, dc=domain-name, cn=admin', <unavailable>); // v.3
Authenticated as dn:'cn=username, dc=domain-name, cn=admin'.

5. Click View | Tree. In Active Directory, if you select "Leave BaseDN" blank it will allow you to see the entire directory tree, otherwise change to a specific Tree level.

NOTE: In Exchange 5.5 the Directory Tree, it needs to be typed in - Example: cn=recipients,ou=MySiteName,o=MyOrgName

6. Expand the tree by clicking the plus sign (+) on Left Side.

For more information refer to a Microsoft Article ID 252335 - "How to Use Ldp.exe to View Entire Directory Tree and Locate the Microsoft Exchange Container":
http://support.microsoft.com/default.aspx?scid=kb;en-us;252335

NOTE: If the ldp.exe tool is used, then by connecting to the server, binding as an administrator, and viewing the directory tree, the object SID and the SID History can be seen in its normal form and not as hexadecimal value.

Please also see LDP.DOC Help file located under Program Files\Support Tools by default. It is attached to the current article for your convenience.