SysOp Tls Active Directry Management sftware Active Directry Query v1.x Sftware Installatin and User Guide Updated September 29, 2008 In This Dcument: 1.0 Intrductin 1.1 - Hw AD Query Wrks 1.2 - Installatin Requirements 2.0 - Sftware Installatin and Setup 2.1 - Inserting yur License Key 2.2 - Selecting and Changing yur Search Dmain 3.0 - Sftware Use and Overview 3.1 - General Use Perfrming a User r Cmputer Object Search 3.2 - Use with Passwrd Reminder PRO Perfrming a User Object Search frm Within the Reprt Cnsle 3.3 - Running AD Query Searches frm a Cmmand Prmpt r Script Perfrming a User r Cmputer Object Search frm a Cmmand Prmpt r Script 4.0 - Trubleshting 4.1 Cmmn Issues 4.2 Screenshts
1.0 - Intrductin: AD Query allws quick and easy auditing f any user r cmputer bject within Active Directry, and unlike the standard Users and Cmputers MMC, AD Query shws all schema, LDAP and Exchange mail-enabled attributes assciated with the bject. With AD Query, there is n need t pke arund in the schema, LDAP r Exchange MMC, r use scripts t cnvert schema data t smething humanly readable. AD Query is 3 tls in ne and a ttal time saver fr the busy System Administratr. The perfect cmpanin tl t g alng with Passwrd Reminder PRO! Features: Uses data straight frm Active Directry Schema and presents all data in human-readable frmat Lightning-fast query f any user r cmputer AD bject Shws primary SMTP email address, all email alias (prxy) addresses, passwrd last set date, accunt expiratin date, and mre Shws all listed SPN's fr cmputer / server bjects, including DC's Cmpletely shws all hidden Schema user / cmputer bject attributes in a single, easy t read display and eliminates need t use multiple tls like ADSI Edit r an Exchange-enabled MMC Read-nly sftware. Lk up Schema data withut fear f breaking smething Runs n any dmain-cnnected Windws wrkstatin r server Stand-alne executable - Des nt require a service r cmplex installatin User-friendly UI, n cding r schema cnfiguratin required Runs under credentials f lgged-n user (must be lcal admin) Integrated search histry buffer and exprt f search data t xml file FREE xml-viewer available n ur website supprt page. View yur exprts in a friendly neat frmat API interface fr quick searches directly in Passwrd Reminder PRO! Click a user in Passwrd Reminder PRO's Reprt Cnsle and aut-launch the search in AD Query! *Feature requires versin 1.4 f Passwrd Reminder PRO and versin 1.3 f AD Query t be installed n the same cmputer Run AD Query searches frm a cmmand prmpt r call frm a batch file / script AD Query is designed fr maximum cmpatibility with Windws 2000 / 2003 / R2 and Exchange 2000 / 2003 / 2007 and cnverts all 'binary' and 'tick string' values t a user-readable frmat!
1.1 - Hw AD Query Wrks AD Query is a 3-in-1 search and reprting tl fr user and cmputer bjects within Active Directry. It's sle purpse is t utput all real-time Schema / AD / Exchange attributes fr a specified AD bject in an easy-t-read screen. AD Query lks deep within the AD Schema and reveals all bject attributes; if it is there, yu'll see it. Nrmally, yu wuld need t pen tw r three Micrsft admin tls t accmplish the same task, especially when lking fr mail-enabled r Kerbers bject attributes. AD Query is invaluable fr quickly reviewing an bject t determine if prblems exist r infrmatin is crrect. All f the reprt view results are exprtable via simple cpy / paste. 1.2 - Installatin Requirements Installatin and use f AD Query requires the fllwing: - Micrsft Windws XP, Server 2000 (min SP3) r Server 2003 - Micrsft Windws Active Directry 2000 r 2003 Dmain - Micrsft.NET Framewrk v1.1 and SP1 - Dmain accunt with sufficient privileges t read frm yur Dmain Cntrller s AD and LDAP - Lcal Administratr privileges n the cmputer where yu will be installing AD Query (requires admin rights t install) - Valid license key fr yur Active Directry dmain that hlds user accunts. T btain a fee key register an accunt n ur website. 2.0 - Sftware Installatin and Setup Lg n t the server r wrkstatin that will hst the AD Query prgram. Yu must use an accunt that has lcal admin privileges as the sftware writes t the HKLM prtin f the cmputer registry. Run the installer, fllw the prmpts, click Finish t exit the installer. 2.1 - Inserting yur License Key AD Query will nt functin withut a valid license key specifically issues fr yur dmain, and will nt perfrm searches in dmains ther than the ne specified at time f registratin. If yu will use AD Query in different dmain frests, yu can easily create a key fr the ther dmains frm within ur website. Yu shuld have created a free license key frm within yur secure lgin page n ur website. Yu will be unable t dwnlad AD Query until yu signup fr an accunt n ur website and create a license key fr yur dmain. If yu did nt receive the verificatin / accunt activatin email fllwing signup n ur site, and cannt access the links in yur custmer page t create a license key, cntact Sales r Supprt immediately thrugh the Cntact Us page. We'll help yu ut! Launch AD Query frm the Start Menu prgram grup (SysOp Tls > AD Query) r desktp shrtcut. At the tp left f the admin screen click File > Register and yu will see a bx pp up t insert yur license key. Cpy yur AD Query key string frm yur email r persnal site lgin page and paste it here. Click Save. The
sftware will detect yur key and unlck fr use in yur specific dmain. The wrd 'Unregistered' shuld nw change t 'Search Dmain'. If yu d nt see the crrect status, exit and then re-launch the prgram, and duble check t make sure yu inserted the entire license key string. 2.2 - Selecting and Changing yur LDAP Search Dmain AD Query will search the tp-level dmain (cmpany.cm) and als has ability t query sub-dmains (sub.cmpany.cm). After installing yur key, AD Query is set by default t search the LDAP dmain that was specified at time f license key creatin (the dmain inf is cntained in the key yu created). Befre yu can perfrm bject searches n a sub-dmain, yu must tell AD Query the name f the sub-dmain. If yu created a key fr a child dmain nly (child.f.cm), yu cannt upward-search the parent f.cm. We recmmend that yu nly create keys fr the parent rt dmain. Open AD Query Click Search > Change Dmain and an input bx will appear. Type the name f yur sub-dmain and click Change. Nw yu have set yur search t lk nly at bjects cntained in the sub dmain f the parent. T change back t the parent dmain r t a different sub-dmain, repeat the abve prcess. 3.0 - Sftware Use and General Overview 3.1 - General Use Perfrming a User r Cmputer Object Search If yu have an extremely large amunt f bjects in AD r are querying a sub-dmain acrss a WAN link, please allw AD Query sme time t search and capture data befre displaying results. In large envirnments acrss a WAN it can take a cuple f minutes. If AD Query is unable t cntact a DC fr a specified sub-dmain, r is unable t lcate the bject name when perfrming a search it will nt return any results. Open the AD Query prgram Insert yur license key if yu have nt dne s already (File > Register) Once yu insert yur key the dmain used t generate the key will shw as 'Searching: dmain.cm' in the main prgram area. Select the type f dmain bject t query via the drp-dwn list (User r Cmputer) Type the exact name f the bject Fr user bjects, this will be the SAMAccuntName r NT Accunt name, which is the username prtin f the dmain\username lgin. Fr cmputer bjects, use the CN name (r netbis name) f the bject
Click 'Fetch Data', wait fr results t display in the main prtin f the cnsle TIP: If yu wish t query a child f the rt dmain, click Search > Change Dmain and type the FQDN f yur child dmain. Yu will see the child dmain display in the 'Searching:' area. AD Query des nt perfrm "wildcard" searches r partial name searches. If yu receive an 'bject nt fund' ppup, either the bject des nt exist r yu have nt input the crrect bject name. Exprting View Windw Results AD Query has the ability t capture and exprt search results t an xml file. T exprt yur search data, run an bject search. When the data displays in the main view area g t File > Exprt. An bject exprt data xml file will be created in the Prgram Files/SysOp Tls/AD Query flder. Yu may view the xml file in structured table frmat with ur FREE xml viewer, which is dwnladable frm ur website supprt page TIP: AD Query buffers yur search results in memry. Yu may perfrm multiple bject lkups and then chse Exprt. All f yur searches fr that sessin will be exprted int ne xml file. If yu wish t clear the buffer memry f search histries, simply chse File > Clear Histry. Or exit AD Query. 3.2 - Use with Passwrd Reminder PRO Perfrming a User Object Search frm the Reprt Cnsle Open the Reprt Cnsle. On the left f all view tab screens there is a clumn f gray square bxes. Duble-click the gray bx n the user data rw that yu wuld like t search. The user bject pens autmatically in AD query and displays the data. Nte- This feature requires at least versin 1.4.2943 f Passwrd Reminder PRO and at least versin 1.3.2875.44 f AD Query t be installed n the same cmputer. 3.3 - Running AD Query Searches frm a Cmmand Prmpt r Script Perfrming a User r Cmputer Object Search frm a Cmmand Prmpt r Script Open a cmmand prmpt. Navigate t the directry where the adquery.exe executable is lcated. Search syntax fr a user bject is as fllws: "C:\Prgram File\SysOp Tls\ADQuery.exe" adquery U [nt acct name] Search syntax fr a cmputer bject is as fllws: "C:\Prgram File\SysOp Tls\ADQuery.exe" adquery C [netbis name r CN] Yu can use this syntax in any batch file r script t autmate searches. Nte that [C] r [U] are case sensitive. Example Search: "C:\Prgram File\SysOp Tls\ADQuery.exe" adquery U jhardy
4.0 - Trubleshting 4.1 - Cmmn Issues AD Query Des Nt Return any Results "Object nt fund": (a) Make sure yu have specified the crrect search dmain, and the dmain specified is licensed fr use with the sftware (b) Make sure the cmputer that yu are running AD Query n has netwrk cnnectivity t yur Dmain Cntrllers (c) AD Query runs under the credential set f the lgged n user. Make sure yur lgged n accunt has read permissins t yur LDAP and Active Directry and lcal admin permissins n the cmputer running AD Query (d) Ensure yu have specified the crrect SAMAccuntName name f the bject, AD Query searches by exact name nly and des nt use matching fr wildcards r partial names. (e) If querying a user bject, make sure yu have selected 'User' frm the search type drp dwn menu (f) If yu receive this errr r the errr "A cmpatible versin f AD query Nt Fund" frm within the Reprt Cnsle in Passwrd Reminder PRO, make sure yu have installed the latest releases as f 1/22/2008 f AD Query and Passwrd Reminder PRO frm ur website. AD Query Des Nt Run r returns errr "Search Dmain Must End with Rt Dmain": (a) Make sure yu have pasted the cmplete / crrect license key in the prgram. If yu need t change / edit the license key please see the next tpic belw. (b) Make sure yu are running AD Query in the same LDAP dmain that yu specified when yu registered n the site t dwnlad the sftware. Yur license key is tied t the LDAP dmain and will nly functin in this rt dmain r sub-dmains f the rt dmain. Fr example, if yu create a key fr f.cm but have installed AD Query in bar.cm, yur key created fr f.cm will nt wrk. (c) Make sure that.net Framewrk v1.1 and all current service packs are installed. AD Query runs n.net Framewrk 1.1 which is NOT the same as 1.0 r 2.0 If yu are experiencing ther issues nt cvered, r need additinal assistance please cntact SysOp tech supprt via the Abut Us page. I Incrrectly Entered my License Key, r Need t Use a Key Fr a Different Dmain- Hw d I Change it? Shuld it becme necessary t enter a different license key in AD Query, please use the fllwing methd. Lg in t yur accunt n the SysOp Tls website. Create the required key fr the rt dmain (dmain.cm). Open AD Query > File > Register and paste the new key. If yu wish t query a child f the rt dmain, click Search > Change Dmain and type the FQDN f yur child dmain. 4.2 - Screenshts AD Query User Object Data: All AD Schema and LDAP attributes that exist fr this bject will be shwn
AD Query Cmputer Object Data: All AD Schema and LDAP attributes that exist fr this bject will be shwn