LDAPSoft LDAP And Active Directory Tools Community Forums
Messages posted by: support
Unfortunately, you can't add custom reports and run them from the Reports menu, but you can save and run custom reports from the SQL window (to open the SQL window, click the SQL button on the toolbar).
Version 6.2

Select Audit Export| In PDF Format| Select Distribution or Security Groups Under All Groups Tab.



Version 6.0 & Earlier

For distribution groups, follow all the steps mentioned above but change the step 2 SQL to the following:

Select cn,member from RootDSE where objectClass=group and (groupType:1.2.840.113556.1.4.804:!=2147483648 or sAMAccountType=268435457) subtreescope


For security groups, follow all the steps mentioned above but change the step 2 SQL to the following:

Select cn,member from RootDSE where objectClass=group and groupType:1.2.840.113556.1.4.804:=2147483648 subtreescope
Version 6.2
1. Open AD Admin and reporting tool and connect to Active Directory
2. Select Audit Exports (Main Menu) | PDF Export and Select All Groups With Members from All Groups Tab




Version 6.0 and earlier

Please follow the following steps for a printable list of groups and their members from Active Directory

1. Open AD Admin and reporting tool and connect to Active Directory

2. Click on the SQL button (top tool bar), copy and paste (top panel) the following statement

Select cn,member from RootDSE where objectClass=group subtreescope

3. Click on the Export button and select Excel Export

4. Uncheck ExportDN and Export Operational Attributes (Middle right)

5. Provide the file name and click Export

6. Select all rows and columns (click the top-left header), then copy and paste them into Word.

Word will show all row text, as Excel has a row height limit.
Click on Audit Exports Menu-> select PDF or Excel -> Select All Users and Their Direct and Indirect Groups (Nested) from All Users Tab
Run the export.
>We are attempting to use this tool to extract LDAP data from both Novell and Windows based systems. For the Novell systems, we have a command file created that executes a saved task definition. My first question is how do I know what order the queried columns are coming back in? I am still verifying this, but it seems as if the column order is inconsistent from one run to another.

It is not possible to determine the order of columns because LDAP does not return columns with null values.

For example
Entry A has two columns with values cn and sn
Entry B has three columns with values cn, sn and description
Entry C has three columns with values cn, sn and company

If the entries are returned from LDAP in the order A,B and C the exported file will have columns in the following order
cn,sn,description and company

If the entries are returned from LDAP in the order A,C and B the exported file will have columns in the following order
cn,sn,company and description

If you are feeding the exported files to another system, let the other system read the columns first before exporting, or sort the Excel file using a macro before feeding it to another system.


>My second question has to do with the paging in Windows Active Directory, and the lack of paging in a Novell environment. From an attended operation standpoint, I can make both of these work. However, I do not see a way to configure the "Enable Ldap Paged Result Control" and the "Max Page Size" settings in a way that would allow me to run this in an unattended mode. Is there a command line switch or registry setting, or some other method that could be used to set that value at the invocation of the program?

Enable LDAP Page Result Control is a global parameter and cannot be set/reset from the command line. Install LDAP Admin Tool under two different users (Network/Local users), one with paging enabled and the other with paging disabled.
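The column-order behaviour described in the reply above, reproduced and then pinned with a fixed header. This is an added example, not LDAPSoft code or part of the original post; the sample entries, the function names and the `|` separator for multi-valued attributes are assumptions made for illustration.

```python
import csv
import io

# Constructed sample entries mirroring the A/B/C example in the post above.
ENTRY_A = {"cn": ["alice"], "sn": ["Adams"]}
ENTRY_B = {"cn": ["bob"], "sn": ["Brown"], "description": ["contractor"]}
ENTRY_C = {"cn": ["carol"], "sn": ["Clark"], "company": ["Example Corp"]}


def first_seen_columns(entries):
    """Header an exporter produces if it appends attributes as they first appear."""
    columns = []
    for entry in entries:
        for attr in entry:
            if attr not in columns:
                columns.append(attr)
    return columns


def export_fixed(entries, columns, multi_sep="|"):
    """Write CSV with a caller-defined header; absent attributes become empty cells."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(columns)
    for entry in entries:
        # Attribute names are matched case-insensitively, as LDAP does.
        lowered = {name.lower(): values for name, values in entry.items()}
        writer.writerow(
            [multi_sep.join(lowered.get(col.lower(), [])) for col in columns]
        )
    return buf.getvalue()


if __name__ == "__main__":
    print(first_seen_columns([ENTRY_A, ENTRY_B, ENTRY_C]))
    print(first_seen_columns([ENTRY_A, ENTRY_C, ENTRY_B]))
    schema = ["cn", "sn", "company", "description"]
    print(export_fixed([ENTRY_A, ENTRY_C, ENTRY_B], schema))
```

A consumer that addresses columns by header name rather than by position gets the same stability without re-exporting.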
Q1. Is there a way to do a 'full' refresh of the LDAP query when I make changes to object in my Windows AD domain? I notice that it takes very long for the changes to come up after I make object changes in Windows AD. I hit 'refresh', but it doesn't seem to refresh anything.

You can try following options:
* Try Refreshing at the RootDSE level (Right click menu -> Click Refresh)

or else -- try refreshing the connection, Click on the Connection Tab -> right click menu --> Reconnect..
and then Try Refreshing at the RootDSE level (Right click menu -> Click Refresh)


Q2. We have observed the behaviour you mentioned with Vista, it is the OS - hopefully it will be fixed by MS in the next service pack or Windows 7.
We haven't observed this behaviour with any other OS except Vista -- We are working on finding a fix for it.
--------From Live Chat--------------------

Aaron says:
Good yourself?
support says:
Good, How can I help you today
Aaron says:
I have a question on the LDAP admin tool, it is about doing exports. When exporting to a .csv file the export throws an error at anything over 1000 records. An LDIF export will work fine and export everything, any thoughts?
support says:
error message?
Aaron says:
LDAPException: Unwilling To Perform (53)
Aaron says:
it also throws this on an excel export over 1000 records
support says:
are u connected to AD?
Aaron says:
no Edir Novell
support says:
try decreasing the page size
support says:
Options| Preferences | General Tab
support says:
Set the Max Page Size to 500
Aaron says:
it is on 1000 what do you suggest I decrease it to?
Aaron says:
nm
support says:
to 500 and try again
Aaron says:
that stopped it at 500, should I increase it or just turn paging off? The directory contains around 10,000 users
support says:
disable it and try again
Aaron says:
I did, it appears to be working now, record 6500 and counting
support says:
cool
Aaron says:
Thanks.
support says:
Thanks, have a good day
Aaron says:
you too
We have discontinued the LDAPSoft LDAP Browser product.

In future we may offer LDAP Admin Tool Lite (free version) but the final decision in this regard is still pending.

Thanks
We will take a look into it and will let you know as soon as we fix the issue.
Thank you for reporting this issue.
1. Do I understand it correctly that "LDAP Admin Tool" uses Microsoft's "LDIFDE"?
No, we don't use Microsoft's LDIFDE for import; we use the standard LDIF import process.

2. Is adding a user to a group via "LDIF import" the same as 'changing Group Membership'?
With Active Directory, LDIF import is different from any other directory, as AD does not load the system attributes during LDIF import, and if you provide system attributes it will fail.
We specifically don't load the following attributes during the LDIF import:
sAMAccountType,lastLogon,lastLogon,whenCreated,badPasswordTime,lockoutTime,whenChanged,primaryGroupID,badPwdCount,lastLogoff,primaryGroupID,pwdLastSet,accountExpires,logonCount,adminCount,userAccountControl

We also look at the schema for the system attributes, and if the attribute is identified as a system attribute (systemOnly=TRUE), we don't load it.
In this case it looks like the 'memberof' attribute is identified as a system attribute and that is why it was not loaded.

3. If I have 'memberOf: ' lines in a (large) ldif-file, there is no way to import these in AD then?
Try loading the same file with Microsoft's LDIFDE and see if you get the same results.

We will look at the code again and if possible will provide the memberof loading in the next release.




Please see the following article on ldif export in active directory

http://support.microsoft.com/kb/555634

LDIFDE doesn’t support changing Group Membership. You can use CSVDE or ADDUSERS.exe or DStools for Windows 2003 Editions.


Unfortunately we don't have any experience in installing/configuring openldap on windows.
You can find a lot of tutorials on how to set up openldap on linux.

A good tutorial for configuring openldap on linux can be found at: http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html

Once you are able to configure openldap on windows, Ldap Admin Tool can help you manage openldap server.


You can't apply the substring changes using update statement.

For substring changes ldif is the best option.

Thanks
To export password or any binary field in text, please follow the following steps

1. Click the entry, select the userPassword attribute and from the right click context menu select 'Edit Value with...|Text Editor'
2. Now when you export entries, text values will be exported.


Once you are done with the export revert to the default editor - Right Click context menu select 'Edit Value with..|Restore Default Editor'
LDAP Filter doesn't support multiple OU search in a single search; you must define a base DN.
To search in multiple containers select a top level container and find a common attribute, even a few letters common will work.

If you are unable to find a common attribute you can create one - find an empty attribute and run the update command to update the entries in the container with a common value.

UPDATE OU=test,DC=LDAPSoft,dc=com SET businessCategory='test'
subtreescope


Please make sure to run the update in Development environment before running the statement in production.

DN is not an attribute so you can't search on it.
It is very easy to add/remove members to/from a group.
Just select the group and from right click context menu select Add/Remove Members.

or select the group and from properties, select the appropriate tab

Trial version has no limitation other than number of days it can run without license.
Is there any attribute like 'ou' which is populated for the entries in those containers, which can tell which container it belongs to?
If there is one, then you can filter using that attribute.

Ldap Admin Tool won't, but the operating system will.
Linux OS will automatically create user's home directory on next login.
The attributes with two colons "::" are base64 encoded. This is due to the data containing non-printable/special characters.
You can use any base64 decoder to decode the values.

Please note that while importing the data these values will be decoded and inserted.
Active Directory does not publish that information, so you can't.
This issue has been fixed in release 2.10, please download the latest version from the download page or Help|Update menu.
Please read the following on how to fix this issue:

http://www.ldapsoft.com/activedirectorysslissue.html
The data is definitely base64 encoded

You can try it using an online tool
http://www.motobit.com/util/base64-decoder-encoder.asp
put the value '<BR>Sign Out' it will convert the value to the one you mentioned.

It must be the special characters '<>' which is triggering the auto Base64 encoding to preserve the special character.
You should be fine importing the data as import will convert the data while importing.

Also please note the two colons "::" which will tell the import process that attribute is Base64 encoded and the import process will decode and insert the value.

Let us know if you find problems during import process.
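The `::` convention discussed in the base64 replies above, shown as an added example that is not part of the original posts or LDAPSoft's code: an encoder that applies the RFC 2849 LDIF rules for when a value has to be written as `attr:: <base64>`, and a decoder for single unfolded attribute lines. The function names are hypothetical and line folding is not handled.

```python
import base64


def needs_base64(value: bytes) -> bool:
    """RFC 2849: True when a value cannot be written as a plain 'attr: value' line."""
    if not value:
        return False
    if value[:1] in (b" ", b":", b"<"):      # first byte is not a SAFE-INIT-CHAR
        return True
    if value.endswith(b" "):                 # a trailing space would be lost
        return True
    # NUL, LF, CR and anything above 0x7F are not SAFE-CHARs
    return any(b in (0x00, 0x0A, 0x0D) or b > 0x7F for b in value)


def encode_line(attr: str, value: bytes) -> str:
    """Serialize one attribute value the way an LDIF exporter has to."""
    if needs_base64(value):
        return f"{attr}:: {base64.b64encode(value).decode('ascii')}"
    return f"{attr}: {value.decode('ascii')}"


def decode_line(line: str):
    """Return (attribute, raw bytes) for one unfolded LDIF attribute line."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line")
    if rest.startswith(":"):                 # 'attr:: <base64>'
        return attr, base64.b64decode(rest[1:].strip(), validate=True)
    if rest.startswith("<"):                 # 'attr:< <url>' references external data
        raise ValueError("URL-referenced value, not inline data")
    return attr, rest.lstrip(" ").encode("ascii")


if __name__ == "__main__":
    line = encode_line("description", b"<BR>Sign Out")
    print(line)
    print(decode_line(line))
```

Because the `::` form is only an encoding, any attribute exported this way, `userPassword` included, is readable by whoever holds the LDIF file.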
Thank you for reporting this issue to us.

Can u please check the attribute, is it a binary attribute or a text attribute?
If it is binary then the values are base64 encoded UTF8 and will preserve the characters during import.
If you are trying to connect to ADAM using SSL not SASL and using the internal Microsoft CA certificate, please read the following on how to fix this issue:

http://www.ldapsoft.com/activedirectorysslissue.html
Please read the following on how to fix this problem:

http://www.ldapsoft.com/activedirectorysslissue.html
Try setting the max Results to 0 and try.

Admin Tool behaves same unless it is Active Directory.

If you are still unable to get more than 10,000, it might be the security on your side.
As the error says, there is some data which the export process is unable to convert to Excel format.
Try exporting in the csv format or limit the number of attributes to export.

To limit the number of attributes
1. Select the browse button on the right hand side of 'Returning Attributes' text box
2. Select a few attributes like distinguishedName,cn,description,mail,creationTime,co,company,department,displayName,homeDirectory,homeDrive

Click Finish.
Make sure that you don't have any spaces after the last )
To export all Active Directory disabled users

Select a top level container (not RootDSE) from the left hand explorer window and select export->Excel Export from the right hand context menu and follow the following steps:

1. Enter the name of the Excel file
2. In the filter text box remove (objectclass=*) and paste the following:
(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))
3. Select the attributes to return or leave it to default.


Click Finish.

-------------------------

To search for all disabled users

Right Click RootDSE (Top left in the explorer window) and Select Search. In the dialog click the Text Filter tab and paste the following

(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))

Click Search.

To search specific container select a container to search and select search from the right hand context menu.
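How the two bitwise matching-rule OIDs used on this page (`...4.803` in the disabled-user filter above, `...4.804` in the group statements earlier) evaluate against stored values, as an added example that is not LDAPSoft's code or part of the original posts. The sample entries are constructed and the function names are hypothetical; the example also covers the case where Active Directory returns `groupType` as a negative signed 32-bit integer.

```python
BIT_AND = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND: all mask bits set
BIT_OR = "1.2.840.113556.1.4.804"    # LDAP_MATCHING_RULE_BIT_OR: any mask bit set

ACCOUNTDISABLE = 2                   # userAccountControl flag tested by the filter above
SECURITY_ENABLED = 2147483648        # groupType flag 0x80000000


def bit_match(stored, rule, mask):
    """Evaluate attr:<rule>:=<mask> against a stored AD integer value."""
    # AD stores these attributes as signed 32-bit integers, so a security
    # group's groupType comes back negative; compare on the unsigned bits.
    value = int(stored) & 0xFFFFFFFF
    mask &= 0xFFFFFFFF
    if rule == BIT_AND:
        return (value & mask) == mask
    if rule == BIT_OR:
        return (value & mask) != 0
    raise ValueError(f"unsupported matching rule {rule}")


def disabled_users(entries):
    """Names of user entries with the ACCOUNTDISABLE bit set."""
    return [e["cn"] for e in entries
            if "user" in e["objectClass"]
            and bit_match(e["userAccountControl"], BIT_AND, ACCOUNTDISABLE)]


def split_groups(entries):
    """Return (security group names, distribution group names)."""
    groups = [e for e in entries if "group" in e["objectClass"]]
    security = [g["cn"] for g in groups
                if bit_match(g["groupType"], BIT_OR, SECURITY_ENABLED)]
    distribution = [g["cn"] for g in groups if g["cn"] not in security]
    return security, distribution


# Constructed sample entries (values as strings, the way LDAP returns them).
SAMPLE = [
    {"cn": "jdoe", "objectClass": ["user"], "userAccountControl": "512"},
    {"cn": "old-svc", "objectClass": ["user"], "userAccountControl": "514"},
    {"cn": "temp1", "objectClass": ["user"], "userAccountControl": "66050"},
    {"cn": "Domain Admins", "objectClass": ["group"], "groupType": "-2147483646"},
    {"cn": "All Staff", "objectClass": ["group"], "groupType": "8"},
]
```

Here `disabled_users(SAMPLE)` returns the two accounts whose `userAccountControl` includes bit 2, and `split_groups(SAMPLE)` classifies `Domain Admins` as a security group even though its stored `groupType` is negative.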
 