http://technet.microsoft.com/en-us/library/cc773354(WS.10,printer).aspx
Note: Another LDAP editor that Microsoft provides is Ldp. To learn more about Ldp, see Ldp Overview (http://go.microsoft.com/fwlink/?LinkId=143517). For an example of Ldp being used, see article 224543 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=23064).
You can run ADSI Edit from a client computer or server. The computer does not have to be a member of a domain. However, to see domain objects using Adsiedit.msc, you must have the rights to view the Active Directory domain that you connect to. By default, members of the Domain Users group have these rights. To modify objects using ADSI Edit, you must have at least the Edit permission on the Active Directory objects that you want to change. By default, members of the Domain Admins group have this permission.
Note: Adsiedit.msc automatically attempts to load the current domain to which the user is logged on. If the computer is installed in a workgroup or otherwise not logged on to a domain, the message "The specified domain does not exist" is displayed repeatedly. To resolve this issue, you may want to open an MMC, add the ADSI Edit snap-in, make connections as appropriate, and then save the console file.
Connect To
The Connection Settings dialog box appears. You can use the Connection Settings dialog box to create a connection point to an object in Active Directory. The following text boxes are located in the Connection Settings dialog box:
Name. You should not change the text in this box because it might cause an error when you attempt to make a connection. The text in this box is updated automatically, if necessary, when you configure or select a Connection Point.
Path. Displays the URL for the selected object. It cannot be edited. If the path is not correct, click Cancel, and then select the correct object.
Tip: Previous LDAP connections are remembered by the ADSI Edit tool. In versions earlier than Windows Server 2008, the tool automatically attempts to load the current domain to which the user is logged on. If the computer is installed in a workgroup or otherwise not logged on to a domain, the message "The specified domain does not exist" appears repeatedly. To avoid these issues, open Mmc.exe, add the ADSI Edit snap-in manually, make any connections that are appropriate for you with whatever credentials are necessary, and then save the console file. This gives you your own default console that works with ADSI Edit.
Computer Section
Specifies whether you connect to the local computer or a remote computer. Click either Default (domain or server that you are logged in to) or Select or type a domain or server. You can enter the domain name or computer name in Domain Name System (DNS) format or NetBIOS format, or you can enter an IP address.
Advanced Button
Click the Advanced button to specify alternate credentials or alternate port numbers or to change the protocol that is used to connect to Active Directory. The Advanced dialog box contains the following text boxes:
Specify Credentials. Use this box to specify alternate credentials. Unless otherwise specified, the currently logged-on user's credentials are used.
Port Number. Type a port number if you do not want to use the default port for the LDAP or the LDAP Global Catalog protocol. The default LDAP port is 389. The default port for the Global Catalog is 3268.
Protocol Section
Click either LDAP or Global Catalog. The URL in Path might change, based on your selection. LDAP is used by default. To view the Path box, on the Advanced tab, click OK or Cancel.
Refresh
To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.
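The Connection Settings options described above (computer, port, protocol, credentials) map onto an ADSI path of the form `LDAP://server:port/distinguished-name` or `GC://...`. The following PowerShell sketch is an added example, not part of the original article; the function names `Get-AdsPath` and `Connect-Directory` and the server name `dc01.example.test` are assumptions chosen for illustration. It only reads from the directory.

```powershell
# Added example, not from the article. The server name below is a placeholder.
function Get-AdsPath {
    param(
        [ValidateSet('LDAP', 'GC')] [string] $Protocol = 'LDAP',  # Protocol section
        [string] $Server,               # DNS name, NetBIOS name or IP; empty = default
        [int]    $Port = 0,             # 0 = protocol default (LDAP 389, GC 3268)
        [string] $Object = 'RootDSE'    # distinguished name of the object to open
    )
    $path = "${Protocol}://"
    if ($Server) {
        $path += $Server
        if ($Port -gt 0) { $path += ":$Port" }
        $path += '/'
    } elseif ($Port -gt 0) {
        throw 'A port can only be given together with a server name.'
    }
    return $path + $Object
}

function Connect-Directory {
    param([string] $Path, [pscredential] $Credential)
    if ($Credential) {
        # Alternate credentials, as in Advanced > Specify Credentials.
        # Secure requests negotiated (Kerberos/NTLM) authentication.
        $auth  = [System.DirectoryServices.AuthenticationTypes]::Secure
        $pass  = $Credential.GetNetworkCredential().Password
        $ctor  = @($Path, $Credential.UserName, $pass, $auth)
        $entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $ctor
    } else {
        # Currently logged-on user's credentials (the dialog's default).
        $entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $Path
    }
    $null = $entry.psbase.NativeObject   # force the bind so failures surface here
    return $entry
}

$server   = 'dc01.example.test'          # placeholder
$rootDse  = Connect-Directory -Path (Get-AdsPath -Server $server)
$domainDn = [string] $rootDse.psbase.Properties['defaultNamingContext'].Value
$domain   = Connect-Directory -Path (Get-AdsPath -Server $server -Object $domainDn)
# Read-only listing of the first few child objects, as the console tree would show.
$domain.psbase.Children | Select-Object -First 10 | ForEach-Object { $_.psbase.Path }
```

Pass `-Credential (Get-Credential)` to `Connect-Directory` to bind as a different account instead of the logged-on user.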
Settings
The Connection Settings dialog box appears, which provides the same configuration options as previously discussed in the Connect To section.
Remove
Removes the connection point that connects ADSI Edit to a directory partition or container within Active Directory. This command affects only what is shown in the ADSI Edit console. To remove objects from Active Directory, use the Delete command.
Update Schema Now
Reloads the schema information from Active Directory into the local computer's cache.
New
Click Query to create a new query. For more information about creating LDAP queries, see LDAP Query Basics (http://go.microsoft.com/fwlink/?LinkId=143553).
Refresh
To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.
Object Node
To view the following commands, click an object in the details pane (for example, Account Operators is an object in the previous figure), click the Action menu, and then click one of the following: Move, New Connection from Here, New, Delete, Rename, Refresh.
Move
Moves the object to another container in Active Directory. Opens a dialog box that you can use to select the destination container.
New Connection From Here
Creates a new connection point node and adds it to the console.
New
The New menu command reveals another menu that contains the Object command, which creates a new child object in the selected container. This command opens a set of chained dialog boxes that begins with the class of the object. If you do not have the appropriate permissions to create an object in the selected container, no classes will be listed. After you select a class, a dialog box opens for each required attribute. In the final dialog box, click More to view and edit any optional attributes.
Delete
Deletes the selected object from Active Directory. A dialog box appears asking you to confirm the deletion. This command does not appear in the menu if you do not have permissions to delete an object from Active Directory.
Rename
Changes the name of the object in Active Directory.
Refresh
To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.
Missing Commands
The Action menus in MMC are context sensitive. If you do not have permission to perform an action, the action might not appear in the menu.
Manage an AD LDS Instance Using ADSI Edit (http://go.microsoft.com/fwlink/?LinkId=143426)
Using ADSI Edit to Edit Active Directory Attributes (http://go.microsoft.com/fwlink/?LinkId=143427)
Article 822444 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=143428)
Step 1: Create a PSO (http://go.microsoft.com/fwlink/?LinkId=143555)
See Also
Concepts
Alphabetical List of Tools
Search Overview
Clonepr Overview
Community Content
Even specifying regsvr32 c:\windows\system32\adsiedit.dll resulted in the same error. The only way to get ADSIEDIT to work is to install the tool via RSAT / AD LDS Snap-Ins.
Comment from Kurt Hudson, MSFT
First, if you have issues like this, you should post them to the Directory Services Forum http://social.technet.microsoft.com/Forums/en/winserverDS/threads
Second, you should NOT be copying the dll and msc files from one Windows Server 2008 R2 or 2008 server at all. All Windows Server 2008 and Windows Server 2008 R2 servers have these files available as part of the Role Administration tools. If it is not a domain controller, then go into Server Manager and install. There is a link in the article above that takes you to the article which explains exactly how to do that. If you have issues following that article (http://technet.microsoft.com/en-us/library/cc730825.aspx), please, let us know. I wrote the article and one of my colleagues later updated it for Windows Server 2008 R2. We actually test this stuff when we write it, but if you are seeing something different, then we would like to know about it. However, that article is the place to post your comments and give feedback. Again, if you need quicker help, then the Directory Services forum is the place to go.
12/11/2010 Kurt L Hudson
8/18/2010 Desmond Lee