HomenewsNetworking SolutionsActive Directory Account Management (ADSI Edit)

Active Directory Account Management (ADSI Edit)

  • December 22, 2016
  • Posted by: Syed Shujaat
  • Category: Networking Solutions, Uncategorized
No Comments

ADSI-Edit is an MMC snapin tool from the Windows Support Tools (free add-on software on the Windows server CDROM in the directory \Support\Tools). ADSIEdit was mode especially for the access to Active Directory LDAP services.

To launch the tool, you have to install the support tools,than start the Microsoft Management Console (MMC.EXE), then load ADSIEdit from the list of the available snap-ins.

  • Possible Scenarios

    I mistakenly deleted the AD Object or account and re-add similar object back in AD, why I didn’t get my settings back? This is due to SID ID , each time you create a new object, a new SID is created. You can restore the ID but can’t recreate similar object with the same SID.

    I have migrated a user but I don’t know whether the SID History was added or not.

    I would like to make sure my target user, which was merged with two different accounts, has two SID History attributes applied.

    I would like to know which attribute I have to skip, if I want to skip First Name and Last Name.

    I would like to clean up some attributes, how can I delete custom attributes or extension attributes

     

  • How to Access ADSI & Add to MMC Console

    To answer these questions and any question related to attributes, you can use the Microsoft ADSI Edit utitlity, which is part of the Windows Server Support Tools.  Ensure you have these tools installed.

    The ADSI Edit Utility:

    Support Tools installed you can use the Microsoft Management Console (MMC) Active Directory Schema snap-in.

    1.  Select Start | Run and type in mmc.

    2.  Select File | Add/Remove Snap-in.

    3.  Click on Add | ADSI Edit | Add | Close, then OK.

    Alternatively you can use this method:

    1. Start | Run and type in adsiedit.msc.

    2. Right-click on ADSI EDit under Console root and select “connect to”.  If you want to connect to local machine you don’t have to specify the name, just click OK.

    3. Expand the domain and OU, find the (user) object, right-click and select Properties.

    Note:  ADSI Edit Uses the Currently Logged on User to authenticate to the Active Directory

     

    ADSIEdit Screenshot

     



Leave a Reply