Windows Server "Longhorn" – Active Directory Attribute Editor and LDP

Another Article of Jorge mentions the new “Attribute Editor” in Active Directory-Users and -Computers (ADUC) and Active Directory-Sites and -Settings (ADSS). Basically you have the Property-Page of ADSIEdit now in ADUC and ADSS and you are able to configure all attributes of the selected Object in a more generic view. I love this “feature” (*) – you’ll see it as soon as you have selected “Advanced View” in ADUS or ADSS and open a property page of a object.

Also I’d like to mention another great “feature” (*) of the property page – it shows you some of the data more human readable than it was in ADSIEdit. They are converting numbers now – e.g. to time-values a.s.o.

Another thing which has improved in ADUC is that if you select a domain controller you are able to access the NTDS-Settings-Object underneath it. For example you are able to configure the DC to be a Global Catalog (or not) on this dialogbox. This was providing a lot of confusion in the past where you either were able to see the DCs Properties in ADUC or to select whether it’s a GC or not in Active Directory-Sites and Settings – so well done Microsoft for deciding to show it in Active Directory-Users and Computers as well.

Jorge is also covering LDP in his post, and how much it has improved. What I really love in LDP is the Advanced Security Dialog which displays a Security Descriptor with it’s DACL, SACL and ACEs in the GUI or via a Text Dump. Just select Browse -> Security -> Security Descriptor out of the menu in ldp.exe and select the object and if you prefer a Text Dump or the “friendly view”.

Read Jorge’s article on Windows Server “Longhorn” – Management tooling to get more information about the possibilities in Active Directory-Users and -Computers and Active Directory-Sites and -Services.

(*) In Windows Server “Longhorn” we have Roles which we install, such as DNS-Server, Active Directory Domain Services, File Server, … and Features which are minor things to install such as Bitlocker, Telnet, Windows Backup, … so what do we call something which is a new thing but is not a Role or a Feature in the Product? In the past we’ve called it feature, but now we are without a wording for it.

Leave a Reply