DC Update **New**
Displays the number of Directory updates performed on a Domain Controller or AD LDS in the user specified interval
Token Size **New**
Shows the number of SIDs that are associated to objects, in the case of user and computer objects this is the number of SIDs that will be added to the access token. For Groups this is the number of SIDs that will be added to an objects access token when they are added to the group. The size is for reference only, this is the size of the data returned by TokenGroups attribute for the corresponding object, while it can be used as an indication of the resulting token size it is not exact, see the MS article for the formula for calculating the token size (I may add this as an option in future versions).
Background: Windows has a maximum buffer size for an access token which varies in size between different versions of Windows, see: http://support.microsoft.com/kb/327825. While you can increase the size of the token supported by the OS, there is no way to increase the maximum size supported by IIS. 100+ groups the user may experience intermittent access to resources, over 300 IIS\Sharepoint issues, over 1015 and the user will not be able to logon. The use of SID History for migration or consolidations only makes the token size issue worse. This is quite a good white paper on the issue http://www.giac.org/paper/gsec/5111/kerberos-access-token-limitations/104962
LDAP Search
Note: The attribute separation character has changed from a semicolon to a comma. The use of semicolon was starting to compromise the quality of the code and the ability to add new functionality as semicolon is already used by the Microsoft implementation of LDAP for attribute ranges and binary options. NetTools will automatic convert existing saved Favorites to the new format
Added import and export options for Favorites to allow sharing of pre-defined searches
Update inline substitution function to support multiple instances of the same ## variable in the same field.
New Decodes for sdRightsEffective, msDS-User-Account-Control-Computed
New Decoder type SIZE, this will display the size of the data returned by LDAP directory. Note: that the size returned is not necessarily the size of the data store in the directory.
Updated Search Stats to support all Windows 2008R2 search stats
Ability to specify the decoder per attribute in the Attributes textbox, <attribute>;<DecodeType> i.e. whenchanged;default or lastlogontimestamp;binary The same DecodeType names are used in the nettools.ini attributes listed below, note BINARY has changed to BIN
AD Properties dialog
Updated to support foreign security principals
Object Meta Data
Update to include both Attribute and Value replication data
LDAP Browser
Fixed memory leak
Base64
Added Context menu option to generate a new random GUID
SPN Search
Updated to support different host searches
User Details
Updated to include GC searches
User’s Groups
Rewrite to use LDAP API instead of ADSI to increase performance and provide better support for AD LDS instances
General
A number of user interface updates to improve performance on list refreshes
DecodeType list:
DEFAULT – ASCII
GTFTIME – Generalized Time Format
FILETIME – Win32 FileTime Format
64TIME – Win32 64bit Time Format
GUID – Windows GUID
SID – Security Identifier
ATTRIBENUM – predefined enumerate
SD – Security Descriptor
BIN – Binary list
SIZE – The size of the data returned
DNSRECORD – DNS entries
BEROID - Basic Encoding Rules (BER) Organization Identifier
DNSPROPERTY – DNS Properties entries
CERT - Certificates
PWDSEC – Password secounds
MSTRUST – Decoder for msds-TrustForestTrustInfo
PERIOD – Certificate renewal period