Active Directory Searches Tools and Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2


In this section

  • Active Directory Searches Tools

  • Active Directory Searches Group Policy Settings

  • Active Directory Searches WMI Classes

  • Network Ports Used by Active Directory Searches

  • Related Information

This section contains information about the tools, Group Policy settings, Windows Management Instrumentation (WMI) classes, and network ports that are associated with Active Directory searches.

Note

In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to Active Directory, but the information is also applicable to AD DS.

Active Directory Searches Tools

The following tools are associated with Active Directory searches.

Adsiedit.msc: ADSI Edit

Category

This tool ships with Support Tools for Windows Server 2003.

Version Compatibility
Can Be Run From

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

  • Windows Server 2008

  • Windows Server 2008 R2

Computers running:

  • Windows XP Professional

  • Windows Vista

  • Windows 7

Can Be Run Against

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

ADSI Edit is a Microsoft Management Console (MMC) tool that you can use to view and modify directory objects.

To find more information about ADSI Edit, see “Support Tools Help” in Tools and Settings Collection.

Dsquery.exe: Dsquery

Category

This tool ships with Windows Server 2003.

Version Compatibility
Can Be Run From

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Dsquery to perform searches against Active Directory according to specified criteria.

To find more information about Dsquery, see “Command-Line References” in Tools and Settings Collection.

Ldp.exe: Ldp

Category

This tool ships with Support Tools for Windows Server 2003.

Version Compatibility
Can Be Run From

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Can Be Run Against

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

Ldp is a Lightweight Directory Access Protocol (LDAP) graphical user interface (GUI) tool that you can use to perform operations, such as connect, bind, search, modify, add, and delete, against any LDAP-compatible directory, such as Active Directory.

To find more information about Ldp, see “Support Tools Help” in Tools and Settings Collection.

Ntdsutil.exe: Ntdsutil

Category

This tool ships with Windows Server 2003.

Version Compatibility
Can Be Run From

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Can Be Run Against

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

You can use Ntdsutil to perform Active Directory database maintenance, manage and control single master operations, and remove metadata left behind by domain controllers that are removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators.

To find more information about Ntdsutil, see “Command-Line References” in Tools and Settings Collection.

Active Directory Searches Group Policy Settings

The following table lists and describes the Group Policy settings that are associated with Active Directory searches.

Group Policy Settings Associated with Active Directory Searches

Group Policy Setting Description

Maximum size of Active Directory searches

Specifies the maximum number of objects that the system displays in response to a command to browse or search Active Directory.

This policy affects all browse displays that are associated with Active Directory, such as those displays in Local Users and Groups, Active Directory Users and Computers, and dialog boxes that are used to set permissions for user or group objects in Active Directory.

If you enable this policy, you can use it to limit the number of objects that are returned from an Active Directory search.

If you disable this policy or if you do not configure it, the system displays up to 10,000 objects.

Enable filter in Find dialog box

Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.

If you enable this policy, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.

Hide Active Directory folder

Hides the Active Directory folder in My Network Places.

The Active Directory folder displays Active Directory objects in a browse window.

If you enable this policy, the Active Directory folder does not appear in the My Network Places folder.

If you disable this policy or if you do not configure it, the Active Directory folder appears in the My Network Places folder.

To find more information about Group Policy settings, see the “Group Policy Settings Reference” in Tools and Settings Collection.

Active Directory Searches WMI Classes

The following table lists and describes the WMI classes that are associated with Active Directory searches.

WMI Classes Associated with Active Directory Searches

Class Name: rootDSE

Namespace: root\directory\LDAP

Version Compatibility:

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

Class Name: DS_LDAP_Class_Containment

Namespace: root\directory\LDAP

Version Compatibility:

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

Class Name: DS_LDAP_Instance_Containment

Namespace: root\directory\LDAP

Version Compatibility:

Domain controllers running:

  • Windows Server 2008 R2

  • Windows Server 2008

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

For more information about these WMI classes, search for “Mapping Active Directory to WMI” in the WMI SDK documentation on MSDN.

Network Ports Used by Active Directory Searches

The network ports that are used by Active Directory searches are listed in the following table.

Port Assignments for Active Directory Searches

Service Name              UDP    TCP

LDAP                      None   389

LDAP SSL                  None   636

Global Catalog LDAP       None   3268

Global Catalog LDAP SSL   None   3269

Related Information

The following resources contain additional information that is relevant to this section:

  • “Support Tools Help” in Tools and Settings Collection for information about ADSI Edit and Ldp

  • “Command-Line References” in Tools and Settings Collection for information about Dsquery and Ntdsutil

  • “Group Policy Settings Reference” in Tools and Settings Collection for more information about Group Policy settings for Active Directory searches

  • Microsoft Platform SDK on MSDN for more information about WMI classes for Active Directory searches (in “Mapping Active Directory to WMI”)