GPO Explorer *** New ***
A new option to browser GPOs and GPO allocation. Supports similar functionality as the Group Policy Manager, allowing viewing of GPO configuration, permissions, OU structure browsing, with policy inheritance, display the raw settings in the policies, covering registry, scripts, GptTmpl, GPP settings. Includes the option to view and edit policies using gpedit or GPMC editor, if it's installed.
Object Metadata *** New ***
This option will display the metadata of an attribute on a specific object across all domain controllers, to allow checking of replication consistency
Top Quotas *** New ***
Option to display the quota usage of the top users. Includes an option to display the quota allocation to an individual user. With the ability to select the quota per partition.
ACL Browser
Added Meta data and Attributes to the content menu of the left hand pane
Updated to display deleted and recovery items, corresponding permissions required
Added Trustee mode, allows you to select a trustee and the ACE icon will display a green tick on all the ACE that the trustee has been assigned
Updated ACE pane so the ADS_RIGHT_DS_CONTROL_ACCESS right is displayed as Control access against the property. This provides simpler visibility of Confidential Attribute configuration
AD Properties Dialog
Added icon for locked accounts
AD Subnets
Updated to support column sorting
Control Access Rights
Updated screen redraw to increase display speeds
DC Resolution
Updated ports dialog to allow multiple ports to be removed
Fixed bug where a server could be displayed multiple test due to case sensitive
Extended Rights
Added column for Rights GUID
Last Logon Time
Fixed intermittent Index error when sorting
LDAP Browser
Changed ObjectClass order so Options attributes are decoded correctly
LDAP Search
Update SupportedControl to include LDAP_SERVER_SET_OWNER_OID, LDAP_SERVER_BYPASS_QUOTA_OID, LDAP_SERVER_LINK_TTL_OID,
LDAP_SERVER_SET_CORRELATION_ID_OID,
LDAP_SERVER_THREAD_TRACE_OVERRIDE_OID
Add inline filter substitution for Match rule OID LDAP_MATCHING_RULE_DN_WITH_DATA introduced in Windows 2012R2. The substitution characters for this rule is $= e.g. (msDS-HasInstantiatedNCs $= B:8:0000000D:DC=corp), which expands to (msDS-9HasInstantiatedNCs:1.2.840.113556.1.4.2253:=B:8:0000000D:DC=corp)
Fixed bug in the range option on attributes
Added DecodeType for Unicode strings, it also supports Byte Order Mark (BOM) to define the Unicode format
Updates to the screen draw in table view, provides about 25% increase in displaying results
Added 'Display on Complete' option to increase the display speed, screen updates are suppressed until all results are displayed
Locked Accounts
Added context menu for AD Properties and Attributes
NetGroupEnum
Updated to include icons to represent users and groups
Updated context menu to include AD properties for the select trustee
Ping
Updated to support column sorting
Schema Class Browser
Update to display the hierarchy of the selected schema class
Schema History
Added extra column to display OID
Added Windows 2019
Added Exchange 2016 CU7
Schema Version
Updated Windows 2019
Changed Unknown to Not Set for items that don't exist
Added option to display the raw values rather than the decoded values
SD Prop
Complete rewrite to support new functionality
Added context menu to display AD properties
Added option to clear the AdminCount attribute and reset ACL inheritance on user accounts that have AdminCount attribute set
Site Browser
Added option to display the list of IP subnets
Added option to display the list of AD Site Links
Time Converter
Updated to support yyyy/mm/dd hh:mm:ss time\date format
Updated to support yyyy-mm-ddThh:mm:ss.mmm Azure time\date format
Token Size
Fixed double click on Token Size List so sub group list is opened
User's Groups
Context menu updated to include option to open AD properties
User Search
Fixed bug where stored LDAP Search credentials are used when displaying Attributes Dialog
Add context menu for Find Trustee, GPO Allocation, Quota Usage
Added icon for locked user accounts, GC search must be disabled for locked accounts to be displayed
WINS Lookup
Improved error reporting and added Set Debug option
DecodeTypes list:
DEFAULT - ASCII
64DATE - Win32 64bit Date Format
64TIME - Win32 64bit Date & Time Format, local time
64TIME_UTC - Win32 64bit Date & Time Format, UTC
ATTRIBENUM - predefined enumerate
ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
BEROID - Basic Encoding Rules (BER) Organization Identifier
BIN - Binary list
CERT - Certificates
COUNT - Returns the number of entries in the attribute
CRL - Certificate Revocation List
DNSPROPERTY - DNS Properties entries
DNSRECORD - DNS entries
DNSRECORD.DATA - return only the data field
DNSRECORD.RANK - return only the rank field
DNSRECORD.SERIAL - return only the serial field
DNSRECORD.TIMEOUT - return only the timeout field
DNSRECORD.TIMESTAMP - return only the timestamp field
DNSRECORD.TTL - return only the ttl field
DNSRECORD.TYPE - return only the type type field
DNSRECORD.VERSION - return only the version field
DSA_SIG - DSA Signature
FILETIME - Win32 File Date & Time Format
GTFTIME - Generalized Time Format, local time
GTFTIME_UTC - Generalized Time Format, UTC
GUID - Windows COM GUID format
GUID_LDAP - GUID in LDAP filter format
GUID_RAW - Hex GUID format
HEX - Display a number if Hex format
IP - DWORD IP address in windows order
IPN - DWORD IP address in network order
MSTRUST - Decoder for msds-TrustForestTrustInfo
NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
PARENTCN - Returns the parent container of the CanonicalName
PARENTDN - Returns the parent container of the distinguishedName
PERIOD - Certificate renewal period
PSMTP - Display primary smtp entry
PWDSEC - Password secounds
PX400 - Display primary x400 entry
PX500 - Display primary x500 entry
REPL_UTDV - NC Up ToDateness Vectors
REPS_INFO - Replication neighbours RepsTo and RepsFrom
RIDPOOL - RID Pool Allocations
SD - Security Descriptor in SDDL format
SD_NAME - Returns the resolved names of all the entries in the SD
SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
SD_NAME_GROUP – Return the primary group assigned in the SD
SD_NAME_OWNER - Returns the resolved name of the owner in the SD
SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
SD_SID - Returns the SID of all entries in the SD
SD_SID_DACL - Returns the SID of the DACL entries in the SD
SD_SID_GROUP – Returns the primary group assigned in the SD
SD_SID_OWNER - Returns the SID of the Owner in the SD
SD_SID_SACL - Returns the SID of the SACL entries in the SD
SID - Display Security Identifier in text form
SID_ABS - Display the absolute name of the SID
SID_REL - Display the relative name of the SID
SITE_LINK_OPT - Returns the options for the Options of SiteLink
SIZE - The size of the data returned
SMTP - Display only smtp entries
TRANSPORT_OPT - Returns the options for the Options of transport container
UNICODE - Return a string in Unicode format, with BOM decode support
X400 - Display only x400 entries
X500 - Display only x500 entries