[defmonk]

Someone please gimme directions on how to solve this problem.. I deployed a Windows 2003 Domain Controller with Active Directory and all. I try to connect using ldap browser but I am not able to. Is there something else I need to do before I'm able to connect?

[Advertisements]

I just discovered that I did not configure DNS properly. I had to create PTR records in DNS when I noticed that nslookup returns an error, and in Event Viewer, DNS error says something about not being able to list the content of AD.

My problem with ldap browser is not solved yet, but I know I'm moving in the right direction.

I welcome whatever input anyone has to give and I'll keep y'all posted on how it goes. Cheers.

[defmonk]

I just discovered that I did not configure DNS properly. I had to create PTR records in DNS when I noticed that nslookup returns an error, and in Event Viewer, DNS error says something about not being able to list the content of AD.

My problem with ldap browser is not solved yet, but I know I'm moving in the right direction.

I welcome whatever input anyone has to give and I'll keep y'all posted on how it goes. Cheers.

[defmonk]

Thanks for viewing my post. I eventually downloaded another LDAP Browser (Softerra LDAP Browser 2.6) and I noticed that for every connection failure, the error message says 'Invalid Credentials', so I changed the user account on the browser to LDAP_USER in the AD and set the appropriate password; I also removed 'cn=' from the entry from the USER DN: box.

Now I am able to enumerate the content of the AD.

Cheers.

[dsenette]

sorry nobody got to you..but yeah...can't browse LDAP without the right creds...some of those viewers handle the credentials differently as well so...always good to read the manual

[ben.watson]

Hello Defmonk,

I don't know if you are still monitoring this thread, but I can offer you some assistance. There are multiple LDAP browsers available.

LDP is a low level LDAP utility from Microsoft. - http://support.microsoft.com/kb/224543
ADSIEdit is another low level LDAP utility that is directly available from Microsoft as well. You will need to download either the Windows 2003 Resource Kit or 2003 Support Tools (I can't remember) to get this utility.
"Active Directory Schema" is a readily available MMC snap-in you can use to your LDAP directory. You will simply need to register it first though to make it available. type "REGSVR32 SCHMMGMT.DLL" at the command prompt to make it available.
A brand spankin new LDAP browser was just made available yesterday from Sysinternals called ADExplorer. You can grab it here...
http://www.microsoft...adexplorer.mspx

And finally, if you prefer to do LDAP queries by command line, then you will want to go get ADFind from Joeware.net.

What sort of LDAP specific problems are you having?

Edited by ben.watson, 11 July 2007 - 06:27 PM.

[ben.watson]

Also, you should also perform a...

DCDIAG /V
NETDIAG /V

And look for any errors and resolve those. Once all the tests pass, you should have a largely well running domain controller. You can also add the /FIX switch on the end of both of those commands to allow those utilities to perform safe and trivial fixes for issues you may be experiencing.