Troubleshooting LDAP query tool

Posted on 2009-04-23
Last Modified: 2013-12-24
Hi All,

My domain is, within the forest. We have another domain name

There is a universal security group that a department wants to get membership for repeatedly. One of their vendors has provided them with a tool to do this.

Unfortunately, the tool doesn't pull all the members from out for some reason.

The search root is: dc=kam, dc=com
LDAP server: ukgc1
Port: 3268

If I use the same settings on another LDAP query tool (the brilliant Quest Powershell tool) then it works fine, so it's defo a problem with the original tool (Tool1).

One thing I notice on Tool1 is that I can view the search query 'area'...i.e. if I enter a DC, it brings up the DC graphically and its OUs (as you see in ADUC)....however, the Naming Context is dc=emea., dc=kam, dc=com even though I am selecting the search root at the forest root. Is this to be expected?

Also, there is a drop down menu by the DC icon, and I can see, cn=configuration and cn=schema.

Should I be expecting to see cn=domain as well?

Just trying to figure out where the problem with Tool1 is!

Thanks for any help in advance!
Question by:kam_uk
    LVL 70

    Expert Comment

    by:Chris Dent

    > Should I be expecting to see cn=domain as well?

    Nope :)

    It does sound like it's incorrectly setting the search base. Do you have any DCs in a root domain ( you can select?

    LVL 3

    Author Comment

    Thanks...will try this out.

    Out of interest, why would we not be able to see cn=domain, but be able to see cn=schema and cn=configuration?
    LVL 70

    Accepted Solution


    Because CN=domain doesn't exist whereas the other two do :)

    The "domain" part of the directory resides under DC=kam,DC=com and so on for each domain.

    Configuration and Schema are separate trees, and although they are named as subordinate to the root domain partition they're not.
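The partition layout described in the accepted answer, and the effect of a tool silently narrowing the search base, as an added Python example that is not part of the original thread. The naming-context list, the group member DNs and all function names are constructed for illustration; only dc=kam,dc=com and the emea naming context come from the question.

```python
import re

# Constructed sample data (names follow the thread; not output from the poster's forest).
NAMING_CONTEXTS = [
    "DC=kam,DC=com",                             # forest root domain partition
    "DC=emea,DC=kam,DC=com",                     # child domain partition
    "CN=Configuration,DC=kam,DC=com",            # separate partition, subordinate in name only
    "CN=Schema,CN=Configuration,DC=kam,DC=com",  # separate partition, subordinate in name only
]
GROUP_MEMBERS = [
    "CN=Alice,OU=Staff,DC=emea,DC=kam,DC=com",
    "CN=Bob,OU=Staff,DC=kam,DC=com",
    "CN=Smith\\, Carol,OU=Staff,DC=emea,DC=kam,DC=com",
]

def rdns(dn):
    """Split a DN into normalised (attribute, value) pairs."""
    # Simplification: handles backslash-escaped commas, not every RFC 4514 escape.
    out = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def is_under(dn, base):
    """True if dn equals base or sits beneath it by name."""
    d, b = rdns(dn), rdns(base)
    return len(b) <= len(d) and d[len(d) - len(b):] == b

def owning_partition(dn, contexts=NAMING_CONTEXTS):
    """Longest naming context that is a suffix of dn, i.e. the partition that stores it."""
    hits = [c for c in contexts if is_under(dn, c)]
    return max(hits, key=lambda c: len(rdns(c)), default=None)

def outside_scope(member_dns, effective_base):
    """Members that a subtree search rooted at effective_base can never return."""
    return [m for m in member_dns if not is_under(m, effective_base)]

if __name__ == "__main__":
    for dn in ["CN=Sites,CN=Configuration,DC=kam,DC=com", GROUP_MEMBERS[0]]:
        print(dn, "->", owning_partition(dn))
    # Base as entered by the user versus the naming context the tool displayed.
    for base in ["dc=kam, dc=com", "dc=emea, dc=kam, dc=com"]:
        print(base, "misses", outside_scope(GROUP_MEMBERS, base))
```

Comparing the entered search root with the base the tool actually binds to in this way shows which members drop out when the effective base is the child domain rather than the forest root.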

