Scribd Logo
Upload

Welcome to Scribd!

  • Adsiedi

    Uploaded by

    Anand Dalvi
    100 views6 pages
    ADSI Edit provides a view of every object and attribute in an Active Directory forest. You can query, view, and edit attributes that are not exposed through other snap-ins.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ADSI Edit provides a view of every object and attribute in an Active Directory forest. You can query, view, and edit attributes that are not exposed through other snap-ins.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    100 views6 pages

    Adsiedi

    Uploaded by

    Anand Dalvi
    ADSI Edit provides a view of every object and attribute in an Active Directory forest. You can query, view, and edit attributes that are not exposed through other snap-ins.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Adsiedit: Active Directory

    http://technet.microsoft.com/en-us/library/cc773354(WS.10,printer).aspx

    ADSI Edit (adsiedit.msc)


    Updated: March 19, 2010 Applies To: Windows SBS 2008, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2 Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. This topic includes the following sections: Installing ADSI Edit Using ADSI Edit Adding ADSI Edit to MMC Missing Commands Other Topics with ADSI Edit Usage Scenarios

    Note Another LDAP editor that Microsoft provides is Ldp. To learn more about Ldp, see Ldp Overview (http://go.microsoft.com/fwlink/?LinkId=143517 ). For an example of Ldp being used, see article 224543 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=23064 ).
    2 1

    Installing ADSI Edit


    To install ADSI Edit on computers running Windows Server 2003 or Windows XP operating systems, install Windows Server 2003 Support Tools from the Windows Server 2003 product CD or from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=100114 ). For more information about how to install Windows Support Tools from the product CD, see Install Windows Support Tools (http://go.microsoft.com/fwlink /?LinkId=62270 ). On servers running Windows Server 2008 or Windows Server 2008 R2, ADSI Edit is installed when you install the Active Directory Domain Services (AD DS) role to make a server a domain controller. You can also install Windows Server 2008 Remote Server Administration Tools (RSAT) on domain member servers or stand-alone servers. For specific instructions, see Installing or Removing the Remote Server Administration Tools Pack (http://go.microsoft.com/fwlink/?LinkId=143345 ). To install ADSI Edit on computers running Windows Vista with Service Pack 1 (SP1) or Windows 7, you must install RSAT. For more information and to download RSAT, see article 941314 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=116179 ). Note Adsiedit.msc will not run unless the Adsiedit.dll file is registered. This happens automatically if the support tools are installed. However, if the support tool files are copied instead of installed, you must run the regsvr32 command to register Adsiedit.dll before you run the Adsiedit.msc snap-in. To register adsiedit.dll, type the following command (you must navigate to the directory containing the adsiedit.dll file):
    6 5 4 3

    You can run ADSI Edit from a client computer or server. The computer does not have to be a member of a domain. However, to see domain objects using Adsiedit.msc, you must have the rights to view the Active Directory domain that you connect to. By default, members of the Domain Users group have these rights. To modify objects using ADSIEdit, you must have at least the Edit permission on the Active Directory objects that you want to change. By default, members of the Domain Admins group have this permission.

    Using ADSI Edit


    ADSI Edit (Adsiedit.msc) is an MMC snap-in. You can add the snap-in to any .msc file through the Add/Remove Snap-in menu option in MMC, or just open the Adsiedit.msc file from Windows Explorer. The following figure illustrates the ADSI Edit interface. In the console tree on the left, you can see the major partitions Domain, Configuration, and Schema. The figure shows the Builtin container of the Contoso.com domain selected. In the details pane on the right, you can see the Builtin groups of Active Directory.

    1 of 6

    05/08/2011 10:37 AM

    Adsiedit: Active Directory

    http://technet.microsoft.com/en-us/library/cc773354(WS.10,printer).aspx

    Note Adsiedit.msc automatically attempts to load the current domain to which the user is logged on. If the computer is installed in a workgroup or otherwise not logged on to a domain, the message "The specified domain does not exist" displays repeatedly. To resolve this issue, you may want to open an MMC, add the ADSI Edit snap-in, make connections as appropriate, and then save the console file.

    ADSI Edit Node


    To view the following commands, in the console tree click the ADSI Edit node, click the Action menu, and then click one of the following: Connect To Refresh

    Connect To The Connection Settings dialog box appears. You can use the Connection Settings dialog box to create a connection point to an object in Active Directory. The following text boxes are located in the Connection Settings dialog box: Name. You should not change the text in this box because it might cause an error when you attempt to make a connection. The text in this box is updated automatically, if necessary, when you configure or select a Connection Point. Path. Displays the URL for the selected object. It cannot be edited. If the path is not correct, click Cancel, and then select the correct object.

    Connection Point Section


    Click either Select or type a Distinguished Name or Naming Context or Select a well known Naming Context. If you click the Select or type a Distinguished Name or Naming Context radio button, type the distinguished name of the object that will be the connection point in Active Directory. For example, if your domain name is contoso.com and you want to connect to the Users container, type cn=users,dc=contoso,dc=com. If you click the Select a well known Naming Context radio button, select the directory partition that will be the connection point in Active Directory in the list of partitions in the selection menu.

    2 of 6

    05/08/2011 10:37 AM

    Adsiedit: Active Directory

    http://technet.microsoft.com/en-us/library/cc773354(WS.10,printer).aspx

    Tip Previous LDAP connections are remembered by the ADSI Edit tool. In versions earlier than Windows Server 2008, the tool automatically attempts to load the current domain to which the user is logged on. If the computer is installed in a workgroup or otherwise not logged on to a domain, the message "The specified domain does not exist" appears repeatedly. To avoid these issues, open Mmc.exe, add the ADSI Edit snap-in manually, make any connections that are appropriate for you with whatever credentials are necessary, and then save the console file. This gives you your own default console that works with ADSI Edit.

    Computer Section
    Specifies whether you connect to the local computer or a remote computer. Click either Default (domain or server that you are logged in to) or Select or type a domain or server. You can enter the domain name or computer name in Domain Name System (DNS) format or NetBIOS format, or you can enter an IP address.

    Advanced Button
    Click the Advanced button to specify alternate credentials or alternate port numbers or to change the protocol that is used to connect to Active Directory. The Advanced dialog box contains the following text boxes: Specify Credentials. Use this box to specify alternate credentials. Unless otherwise specified, the currently logged-on user's credentials are used. Port Number. Type a port number if you do not want to use the default port for the LDAP or the LDAP Global Catalog protocol. The default LDAP port is 389. The default port for the Global Catalog is 3268.

    Protocol Section
    Click either LDAP or Global Catalog. The URL in Path might change, based on your selection. LDAP is used by default. To view the Path box, on the Advanced tab, click OK or Cancel. Refresh To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.

    Directory Partition Node


    To view the following commands, select the directory partition node that you want to manage (that is, Domain, Configuration, and Schema), click the Action menu, and then click one of the following: Settings Remove Update Schema Now New Refresh

    Settings The Connection Settings dialog box appears, which provides the same configuration options as previously discussed in the Connect To section. Remove Removes the connection point that connects ADSI Edit to a directory partition or container within Active Directory. This command affects only what is shown in the ADSI Edit console. To remove objects from Active Directory, use the Delete command. Update Schema Now Reloads the schema information from Active Directory into the local computer's cache. New Click Query to create a new query. For more information about creating LDAP queries, see LDAP Query Basics (http://go.microsoft.com/fwlink /?LinkId=143553 ). Refresh
    7

    3 of 6

    05/08/2011 10:37 AM

    Adsiedit: Active Directory

    http://technet.microsoft.com/en-us/library/cc773354(WS.10,printer).aspx

    To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.

    Object Node
    To view the following commands, click an object in the details pane (for example, Account Operators is an object in the previous figure), click the Action menu, and then click one of the following: Move New Connection from Here New Delete Rename Refresh

    Move Moves the object to another container in Active Directory. Opens a dialog box that you can use to select the destination container. New Connection From Here Creates a new connection point node and adds it to the console. New The New menu command reveals another menu that contains the Object command, which creates a new child object in the selected container. This command opens a set of chained dialog boxes that begins with the class of the object. If you do not have the appropriate permissions to create an object in the selected container, no classes will be listed. After you select a class, a dialog box opens for each required attribute. In the final dialog box, click More to view and edit any optional attributes. Delete Deletes the selected object from Active Directory. A dialog box appears asking you to confirm the deletion. This command does not appear in the menu if you do not have permissions to delete an object from Active Directory. Rename Changes the name of the object in Active Directory. Refresh To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.

    Adding ADSI Edit to MMC


    If you are running ADSI Edit on a computer that is not logged on to a domain or if you want to create a customized MMC, you may want to add the ADSI Edit snap-in to the console. To add the ADSI Edit Snap-in to MMC 1. Open your existing console or create a new console. To create a new console, click Start, click Run, type mmc, and click OK, or at a command line, type mmc, and then press ENTER. 2. Click Add/Remove Snap-in, and then click Add. 3. In the Add Standalone Snap-in dialog box, click ADSI Edit in the list. If ADSI Edit does not appear here, see Installing ADSI Edit at the beginning of this topic. 4. Click Add, click Close, and then click OK.

    Missing Commands
    The Action menus in MMC are context sensitive. If you do not have permission to perform an action, the action might not appear in the menu.

    Other Topics with ADSI Edit Usage Scenarios


    Although ADSI Edit is not intended for regular management of your Active Directory environment, there are instances in which you may need to use it. The following topics include procedures that use ADSI Edit. Weaken security using ADSI Edit (http://go.microsoft.com/fwlink/?LinkId=143425 )
    8

    4 of 6

    05/08/2011 10:37 AM

    Adsiedit: Active Directory

    http://technet.microsoft.com/en-us/library/cc773354(WS.10,printer).aspx

    Manage an AD LDS Instance Using ADSI Edit (http://go.microsoft.com/fwlink/?LinkId=143426 ) Using ADSI Edit to Edit Active Directory Attributes (http://go.microsoft.com/fwlink/?LinkId=143427 ) Article 822444 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=143428 ) Step 1: Create a PSO (http://go.microsoft.com/fwlink/?LinkId=143555 )
    12 11 10

    See Also
    Concepts Alphabetical List of Tools Search Overview
    14 15 16 13

    Replmon Overview Movetree.exe


    17 18

    Repadmin Overview Ldp Overview

    Dsastat Overview Acldiag Overview Other Resources

    19 20

    Clonepr Overview

    21

    ADSIEdit videos on Microsoft Showcase

    22

    Links Table
    1 2 3 4 5 6 7 8 9

    http://go.microsoft.com/fwlink/?LinkId=143517 http://go.microsoft.com/fwlink/?LinkID=23064 http://go.microsoft.com/fwlink/?LinkId=100114 http://go.microsoft.com/fwlink/?LinkId=62270 http://go.microsoft.com/fwlink/?LinkId=143345 http://go.microsoft.com/fwlink/?LinkID=116179 http://go.microsoft.com/fwlink/?LinkId=143553 http://go.microsoft.com/fwlink/?LinkId=143425 http://go.microsoft.com/fwlink/?LinkId=143426 http://go.microsoft.com/fwlink/?LinkId=143427 http://go.microsoft.com/fwlink/?LinkId=143428 http://go.microsoft.com/fwlink/?LinkId=143555 http://technet.microsoft.com/en-us/library/cc784273(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc755695(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc772954(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc755360(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc755718(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc772839(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc755491(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc773393(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc755388(v=WS.10).aspx http://go.microsoft.com/fwlink/?LinkID=197276

    10 11 12 13 14 15 16 17 18 19 20 21 22

    Community Content

    5 of 6

    05/08/2011 10:37 AM

    Adsiedit: Active Directory

    http://technet.microsoft.com/en-us/library/cc773354(WS.10,printer).aspx

    "adsiedit.dll" failed to load (Windows Server 2008 R2)


    The adsiedit.msc and adsiedit.dll from a Windows Server 2008 R2 domain controller were copied to %systemroot%\system32 on a new host (with new hostname). The latter is Windows Server 2008 R2 member server. Changing to %systemroot%\system32 and execute "regsvr32 adsiedit.dll" with elevated privilege triggered this error: [Window Title] RegSvr32 [Content] The module "adsiedit.dll" failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files. A dynamic link library (DLL) initialization routine failed. [OK]

    Even specifying regsvr32 c:\windows\system32\adsiedit.dll resulted in the same error. The only way to get ADSIEDIT to work is to install the tool via RSAT / AD LDS Snap-Ins.

    Comment from Kurt Hudson, MSFT First, if you have issues like this, you should post them to the Directory Services Forum http://social.technet.microsoft.com/Forums/en/winserverDS /threads Second, you should NOT be copying the dll and msc files from one Windows Server 2008 R2 or 2008 server at all. All Windows Server 2008 and Windows Server 2008 R2 servers have these files available as part of the Role Administration tools. If it is not a domain controller, then go into Server Manager and install. There is a link in the article above that takes to you the article which explains exactly how to do that. If you have issues following that article (http://technet.microsoft.com/en-us/library/cc730825.aspx), please, let us know. I wrote the article and one of my colleagues later updated it for Windows Server 2008 R2. We actually test this stuff when we write it, but if you are seeing something different, then we would like to know about it. However, that article is the place to post your comments and give feedback. Again, if you need quicker help, then the Directory Services forum is the place to go. 12/11/2010 Kurt L Hudson 8/18/2010 Desmond Lee

    Type adsiedit.msc NOT adsiedit.mmc


    Someone commented on this article that adsiedit.mmc doesn't appear on their domain controller. Please, notice that the file extension is .msc NOT .mmc. To open ADSI Edit, you would type adsiedit.msc. 9/17/2010 Thomas Lee 5/10/2010 Kurt L Hudson

    ADSI Edit and Terminal Service settings


    In an AD2008 environment, the Terminal Services settings are used to configure Citrix connectivity, but when examining the AD attrib utes diurectly using ADSI Edit, the msTSxxx attributes are empty. Searching for the settings does not find them in any of the attribute settings, so I am curious if ADSI edit is not compatible with AD2008 schema changes related to the display of msTSxxx values. Can someone verify or suggest steps to take that will allow me to view the settings in ADSI or another direct AD attribute editor? Thanks. 9/16/2010 andreasen8

    2011 Microsoft. All rights reserved.

    6 of 6

    05/08/2011 10:37 AM

    You might also like