Author Archives: NetTools

NetTools v1.23.0

Ping ** New **
A new feature that allows multiple devices to be pinged at the same time, paste a list of end points to be pinged, supports short names, FQDN and IP addresses, just paste a list of IP addresses, names, or FQDN to scan

Extended Rights ** New **
Provides the ability to display what extended rights have been assigned to each schema class

Org Structure ** New **
New feature that allows you to browser the organization structure as defined in the AD by the Manager and Delegates attributes

Clipboard Format Viewer ** New **
New feature that allows you display the format of the data that is currently in the clipboard buffer

AD Properties
Updated to use the GC for Membership lookup to increase the performance of group resolution
Added the Hide from GAL option on the Exchange tab
Added LAPS tab to display the details associated to the Local Administrator Password Service on computer object
Added AD and GC server details used to retrieve the details

ACL Browser
Updated to include SACL tab, this requires the SeSecurity right to display the SACL permissions

LDAP Search
Added Display results to update query to increase the performance of updates when updating the attributes on multi-value attributes i.e. Member
Added LDAP filter wizard which provides a graphical query designer
Added an additional filter substitution for an multiple string ANR search. {anr:<string>}
Defined ms-Mcs-AdmPwdExpirationTime as 64Time
Fixed Hex display issue
Fixed bug where results not being displayed when conditional attributes is used
Fixed potential protocol error when SACL option selected
Set the table view as the default option

LDAP Performance
Updated to provide better precision on the timing results

NetGroupEnum
Updated to display both local and global groups and displays the members of a selected group

RID Pool
Updated to use DNS Hostname rather than short name to help name resolution issues

Schema History
Updated to support Exchange CU2 & 3, Windows 10 LAPS

Version Checking
Updated version checking to taking into account changes to Dropbox public folders

NetTools v1.22.0

This update has a number of new features around AD security, NetTools now provides the simple ACL explorer view to display the object, mailbox, and schema security descriptor.  The ACL Browser is able to browser any partitions, if the schema partition is selected the Default Security Descriptor for schema class is also displayed.

Assigned Trustees is a new feature to provide the ability to search for any ACLs that contains the specified trustee, this can be a user, group or any other security principal.

LDAP Search has a number of new features including more Update query options, Auto Complete, and Conditional Attributes.  The Update Queries now support move and delete options, as the object will be moved or deleted, no other attributes updates can be included in the same query. The Auto Complete option is available on the filter and attribute fields, once the Populate list button has been pressed the schema details are cached and are available for Auto Complete on these fields.  The Auto Complete feature also includes a syntax checking on the Attributes field.  This feature will highlight any attributes or decode type in red that are not valid. The Conditional Attributes feature provides the ability to do attributes based comparisons that are not available in standard LDAP queries.  It provides a conditional check against each retuned object from the LDAP search results and will return a true or false result, the results can be static text or an attribute of the returned object.  Conditional Attributes are specified in the Attribute field as an extension to an attribute name and defines the conditional statement with the true and false results. 

Conditional Attributes have the following syntax: <attribute name>;{if:<variable1>[;type]<op><variable2>[;type]:<true result>:<false result>}

attribute name: is the name of the attribute that the result will be returned against
variable1: the first variable for the comparison, this can be an attribute of the object or static text
op: the logic operator used to compare variable1 and variable2, the options are:

==        Equal
!=         Not Equal
>          Greater Than
<          Less than
>=        Greater or equal
<=        Less or equal

variable2: the second variable for the comparison, this can be an attribute of the object or static text.  If the first character of the static entry is ‘*’ then the Equal and Not Equal op will search for the text within in variable1, if not then the variable2 must match variable1, comparisons are case in-sensitive.
type: is an optional format option to define the data type of the variable and is used for the comparison, the options are int or date
true result: the value to be returned against the attribute name if the condition is true
false result: the value to be returned against the attribute name if the condition is false

With all fields, static text is encapsulated in quote marks, and any value not encapsulated is assumed to be a attribute of the object.  Static entries can also include any of the substitutions options, i.e. oid, ip, ipn, idate, zdate, hex, guid, unicode, and userinput
            Examples:

Updated:{if:usnchanged;int==usncreated:”Unchanged”:”Changed”}
One:{if:extensionattribute2==”1”:”true”:extensionattribute2}
PwdChanged:{if:pwdlastset;date>=”10/11/16”:”Updated”:”Needs updating”}
Password_Changed:{if:pwdlastset;date>=”{idate:now-14}”:”Updated”:”Needs updating”}
Not_Admin;{if:member!=”*admin account”:member:” ”}

Access Control Rights  ** New **
A complete rewrite of the Extended Rights and Property Sets options, they are now combined under the one option now including Validated Rights details

ACL Browser  ** New **
A new option to browser the ACL defined in the AD or AD LDS directory

Assigned  Trustees ** New **
This option will scan all accessible objects in the default naming context and displays the list of unique users and groups that have been assigned rights in the AD.  This option is useful to see if a specific security principal has been assigned rights in the directory.

Find Trustee Assignments  ** New **
This option provides the ability to search if the specified trustee has been assigned any rights to any objects in the directory.  Includes an option to include or exclude inherited permissions

Password Checker  ** New **
This option provides the ability to check a single password against a list of accounts, and confirm if the accounts are using the password. The status report will show if the account is currently locked, password reset required, expired, or is disabled. To use this option just paste a list of samaccountnames into the pane, enter the details and click go

Extended Rights  ** Removed  **

AD Subnet
Updated to remove spaces from user input
Updated to display Not Found if the IP address(es) are not defined in the AD

Attribute Replication
Updated to display all the values of attributes with multiple values.

Base64
Updated to support text selection and decodes across multiple lines

LDAP Browser
Significant rewrite of most functions to use the LDAPClass and added attribute cache feature to improve performance over slow links

LDAP Search
Bug fix: resolved issue where the attribute order was not preserved in table view
Now includes support auto complete and validation on filter and attributes fields, this option is available once the populate list button has been pressed.  The auto complete option is enabled by default but can be disabled by deselecting the Auto Complete option.  The Populate list button is shown below:

Added Clear Table option to allow the contents of the table view to not be cleared between searches
Added additional dialog option to allow the selection of attributes for the Attributes field
Added option for Conditional Attributes
Added Enum button to display the internally defined enum used by NetTools to decode attributes
Added PARENTCN DecodeType to display the parent CanonicalName of the object
Added DecodeType for ValidAccesses attribute
Added decode for msDS-UserPasswordExpiryTimeComputed
Added decode for msRTCSIP-UserRoutingGroupId
Added DecodeType SD_NAME_GROUP and SD_SID_GROUP for the primary group in the SD
Fixed sorting issues for Int data types
Updated the LDAP Browser button so if the shift key is held down when clicking on the LDAP Browser button its opened in a non-modal mode, so it can stay open
Updated Display Filter field to support parameter encapsulated in quote marks
Updated the Display Filter logic to provide better support for attributes with multiple values
Updated Value field in update queries to include substitutions commands to work with Input mode data  i.e. AccountExpires=={idate:##input2}
Updated to support quote marks encapsulation for Values in Update queries
Updated the Attribute List dialog to include a manual DecodeType type allocation
Updated so after an update query has completed the preview option is selected to prevent any accidental updates
Updated update queries to support move and delete operator, The delete option is only available once the Delete and Delete Tree options are selected:

To update an attribute an Update Operator must be specified after the attribute name, follow with the value you wish to set.  This is the Syntax for the update operation:

<Attribute><Op><Value>

Attribute:  The name of the attribute that you wish to update
Op: The operation that is to be performed

=+        Add Value to attribute
=-         Remove the Value from the Attribute, if no Value is specified the attribute is cleared
==        Set\Replace the current value of the attribute with Value
=|         Perform a bitwise operation of the current value of the attribute, this Op has a specific format for the Value
Value = <Mask>:<Data>
Mask - the bitwise mask  Note: Input Mode substitution can’t be used on this field, only the data field
Data - is the bits to be set based on the bit mask
=#        Delete object, the Attribute can be any attribute that has a value assigned, no value is required  ** New **
=>        Move the object the new location specified by the Value, the Value should be encapsulated in quote marks ** New **
            The Attribute can be any attribute that has a value assigned
Value: the data to be written to the attribute

Examples:
AccountExpires=={idate:##input2}                          - Set AccountExpires to the int64 value of ##input2
dn=>”cn=users,dc=domain,dc=com”                   - Move the selected object to the specified location
dn=#                                                                - Delete the object from Active Directory

General
Added a DN Select Location option to all fields that require a DN entry, which allow the DN to be selected by browsing the specified directory.  The Select Location button has three dots ...
Updated to include better support for displaying Unicode and UTF-8 LDAP strings

Group Compare
Bug fix – auto sort is disabled when SID resolution is selected

Group Manager
Updated to allow cross forest lookup of security principals

Last Logon Time
Fixed intermittent Indexing error

AD Properties dialog
Bug fix – fixed issues where primary group is not resolved in some domain configurations
Updated to display the user’s thumbnail photo
Improved the user feedback and stability when the members and memberof tabs are displayed for object with large number of memberships
Updated icons in member and memberof to show disabled objects

Schema Version
Updated to include the Forest, Domain and Domain Controller Functional Levels
Updated to cover Windows 2016 technical preview 4

Schema History
Updated to include Exchange 2016 CU1

Search
Use with option on context menu updated with ACL Browser option
Updated to display an icon for each object returned, disabled objects are shown with a disabled icon

User Rights
Updated to display current assigned and enabled user rights

DecodeType list:
    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary list
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTCN - Returns the parent container of the CanonicalName
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_GROUP – Return the primary group assigned in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_GROUP – Returns the primary group assigned in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_ABS - Display the absolute name of the SID
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    X400 - Display only x400 entries
    X500 - Display only x500 entries

NetTools v1.21.0

While this is only a minor version number change, this version is a significant change in the functionality of NetTools.  With previous versions the LDAP Search option would only allow you to query the AD or LDAP directory.  With this version you can now perform update operations on objects in the directory.  Combined with the new Batch and Multi-Column Input Modes the update option offers tremendous flexibility and power to update objects in the directory. Like any tool that allow direct writes to the directory, it also has the potential to cause damage, so use with care!!

To use the Update option you have to input the required details in the Attribute field, see the syntax below, you then need to select the Enable Updates option. This will enable the preview mode by default as an extra safety net.  Preview mode allow you to run the query and show the values that would be written to the attributes when the preview mode is turned off.  When Preview mode is deselected the Go button turns red to show that the update mode is enabled and attributes could be changed when the query is run.  Please note, there is no undo option for updates.  When you run an update query the values returned against each of the attributes are the new value for the attributes after the update has been completed.  If an error occurs during the update the LDAP error code is returned, in most case these are self explanatory and are usually due to a schema restriction.  See the Single Update option below for more information on how to determine which update caused the error.

The Add operator ‘=+’ can fail due of the schema definition of an attribute that is being updated.  If you use Add operator to update an attribute that has a schema definition of single value, if there is no value assigned to the attribute the update will succeed. However, if there is a value already assigned the update will fail.  In the case of single value attributes its better to use the Set ‘==’ operator to assign the new value, as this will set or replace the existing value.

The value provided to update attributes can use the same substitution options that are available in the filter field i.e sid, oid, ip, ipn, idate, zdate, hex, guid, unicode, and userinput.  There is additional substitutions options for the attributes field, these are attrib and code characters.  The attrib substitution option can be used to retrieve the value of an attributes, this is useful for updating multiple line single value attributes like the Info field.  To retrieve the value of an specific attribute, this doesn’t have to be the same attribute as the one that is being updated, you only need to specify the attribute name in the subst command i.e. {attrib:info}.  The support for the retrieval of a value is limited to attributes that only have a single value set.  If multiple values are assigned to the attribute the retrieval will fail and report an error that multiple values exist.  The substitution also supports the use of the standard C\C++ Escape characters to include control character or binary values, these are listed below.       

The batch mode feature provides the ability to run a number of saved queries in a specified order.  It can be used to complete management tasks, one example is the automation of disabling inactive accounts.  This is achieved by creating a query that returns all accounts that are inactive based on your audit requirement, then the next query in the batch list is an update query that is configured as input query taking the results from the first query as an input, these accounts are then disabled by the second query. 

Group Compare  ** New **
Provides the ability to compare the group membership of two users accounts.  There are two comparison options, compare by Name or Object SID.  The list of groups that are returned can be derived from either the group membership attribute of the user or the user’s Token Group details which will contain all the SIDs of all the groups, including nested groups, and domain security principals that are granted at logon.  The SIDs can also be resolved in a number of different ways:
None – the SID is displayed.
Relative – the name associated to the SID based on the SID assigned to the ObjectSID or SIDHistory attributes in the domain.
Absolute – the SID is referenced back to the source domain and real name is displayed.  Network performance and old SID History entries to a non-existent domain can impact the performance of this resolution type.

Last Logon Time  ** New **
This new feature allows you to display the last logon time for a list of users.  NetTools will scan all the domain controllers in the domain for the individual Logon Time and display which Domain controller has the latest time.  You just need to paste a list of samaccountnames into the output pane and click Go.

AD Properties Dialog
Added ability to open the properties dialog for managers and direct reports.
Updated hints on fields to display the name of the attributes that contains the value.

AD Replication Queue
Added option to change how long the queue entries are display before they are removed from the list.

DC Resolution
Bug Fix: fixed issues in the default context detection

Last Logon
Updated Last Logon output to include the meta for the PwdLastSet attribute.
Updated the Event log scan criteria to also look for the user’s UPN as well as SamAccountName.

AD Attributes Dialog
Added the Single column to display if the attribute is single value.

LDAP Browser
Bug Fix: resolved issue where the browser could be slow to open.
Added additional context menu option on the Attribute menu to allow the Raw attribute data to be viewed.

LDAP Search
Bug Fix: Intermittent Invalid handle exception.
Bug Fix: in security descriptor decoder.
Added a Zoom feature for the Filter and Attribute fields.
Added CSV output option, when used in conjunction with the fie output option
Updated with support for Windows 2016TP3
Improved the performance of the column redraw.
Removed the limitation that requires the DN to be in the first column for DN context menu items
Updated PWDSEC DecodeType to handle 64 bit -1 correctly
Added decode for the pwdProperties attribute
Two new subst options available on the filter and attribute fields. These are called userinput and unicode.  The userinput will prompt the user for an input. This requires a label which is shown on the dialog box.  The user inputs are cached against the label, if a label is used a second time the cached response is used and the user is not prompted. The userinput subst can be nested in other subst options e.g. (pwdpastset>={idate:{userinput:Date}}) the user would be prompt to enter the date, then the idate subst will cover this into a 64 bit date code.  The Unicode subst will convert the text to a escaped hex unicode value i.e. {unicode:uni-text} results in \75\00\6E\00\69\00\2D\00\74\00\65\00\78\00\74\00
The Input Mode paste and file load function have been updated to allow up to ten column inputs to be added.  The separation is the tab character, which is the default used by Excel when copying multiple columns.  Each column is given its own designator i.e. ##input, ##input2, ##input3 etc.  These designator can then be used in the DN, Filter, and Attribute fields and will be substituted for the value in the column when the query is run.

Batch Mode ** New **
Allows you to specify a list of favorite queries to be executed in a specified order.  The output of one query can be used as the input for the next query.  Use the Batch List button to select the queries and order.  The batch list can be saved and recalled at a later date.
Update Mode  ** New **
The LDAP Search now has has the ability to update attributes based on the values specified in the attribute field or data specified in the Input Mode columns. To update an attribute an Update Operator must be specified after the attribute name, follow with the value you wish to set.  This is the Syntax for the update operation:

<Attribute><Op><Value>
Attribute:  The name of the attribute that you wish to update
Op: The operation that is to be performed
=+        Add Value to attribute
=-         Remove the Value from the Attribute, if no Value is specified the attribute is cleared
==        Set\Replace the current value of the attribute with Value
=|         Perform a bitwise operation of the current value of the attribute, this Op has a specific format for the Value
Value = <Mask>:<Data>
Mask - the bitwise mask  Note: Input Mode substitution can’t be used on this field, only the data field
Data - is the bits to be set based on the bit mask
Value: the data to be written to the attribute

Examples:
ExtensionAttribute1==Office1                              - Sets the ExtensionAttribute1 to Office1
ProxyAddresses=+smtp:www.world.com - Adds the value to the ProxyAddresses, the existing values are preserved
ProxyAddresses=-smtp:www.world.com              - Removes the specific value from the attribute
ProxyAddresses=-                                              - Clear the attribute, i.e. set to not set
UserAccountControl=|2:2                                    - Sets the 2 bit of the attribute to 1
UserAccountControl=|2:0                                    - Clears the 2 bit of the attribute to 0
UserAccountControl=|6:4                                    - Clears the 2 bit and sets the 4 bit of the attribute
UserAccountControl=|2:##input2                        - sets bit 2 to the value of ##input2
Info=={attrib:info}\n user updated as part of change 31012
Info=={attrib:info}{attrib:mail} user updated as part of change 31012
Objectversion=={attrib:objectversion}1
Binary=+\23\34\01\5a\4f\00

The Update mode can be combined with the multi-column Input Mode to update the attributes on objects with different values.  For example if you wanted to update the department and telephone numbers in AD for a number of users.  If you paste three columns of data containing a list of samaccountname, department name, and new telephone number and then by setting the Filter field to (samaccountname=##input) and the attribute field to Department==##input2, telephone==##input3 you can update all the users details in one operation.  Another example you have a list of users that need to be disabled and another list of users that need to be enabled.  If you combine the list of samaccountname and in the second column specify 0 for an account you want to enable and 2 for an account you want to disable.  Pasting these columns into Input Mode and set the Filter field the same as with the previous example but setting the Attribute field to UserAccountControl=|2:##input2, this will update all the accounts in one operation.

Single Update – is the default when the Update mode is selected, this causes all the required updates to be performed as a single update when the query is run.  The disadvantage to using single update is if you update multiple attributes at once and one of the updates fails i.e. due to a schema restriction, the resulting error message which is reported is against the first attribute that is displayed and not the attribute that caused the update to fail.  By deselected Single Update option, each update is performed separately and if that update fails the error message is display against the attribute that failed to update.

Search
Added option to context menu to select which attributes are displayed

Schema Browser
Added an extra column to show if the Attribute is available in the GC

Schema History
Updated to include Exchange 2016 RTM, Windows 2016TP3

Schema Version
Updated to include Exchange 2013 CU1/2/3/4/5/6/7 & SP1, 2016, and Windows 2016TP3

User Groups
Update output to include security principal SID

C\C++ Escape Characters:

\a         07        Alarm (Beep, Bell)
\b         08        Backspace
\f          0C        Formfeed
\n         0A        Newline (Line Feed); see notes below
\r          0D       Carriage Return
\t          09        Horizontal Tab
\v         0B        Vertical Tab
\\          5C       Backslash
\'          27        Single quotation mark
\"          22        Double quotation mark
\?         3F         Question mark
\hh       any       The character whose numerical value is given by hh interpreted as a hexadecimal number

NetTools v1.20.0

Attribute Replication  ** New **
The ability to check the value of attributes of an object across all domain controllers in the specified name context.  Also ideal for checking the value of non-replicated attributes.

Replication Queue  ** New **
Displays the replication queue on the specified domain controller.

Domain Tree ** New **
Displays the domains in a forest and the domain controllers in each domain.  Supports forests with non-contiguous namespaces.

LDAP Search
Filter field now performs validation of the entered filter, if the entered filter is incorrect the field background will turn red.  The filter validation is only available after the populate list button at the end of the server name field has been pressed.

Updated Dynamic attributes to include additional attributes to support column sorting across a wide range of attributes in Table view.  Note: the download of the additional attributes can impact the time taken to complete queues, this option can be turned off by unselecting the Sort Attributes options.
Added option to select if the Attribute tag is displayed or not in the output pane
Added SID_ABS decodetype provides absolute resolution of SID to the source domain.
Fixed bug in the LDAP Connection options where int options are not set correctly.
Fixed bug in Dynamic Attribute hash table.
Updated DS behavior type to include Windows 2012R2.
Added decode for msDS-Behavior-Version.
Changed DNSProperty decode type to Binary due to unknown data formats in the attribute.
           LDAP Browser
Updated so the double click Attribute dialog works when secure control are selected (Delete or Recycle Bin).
Added check button to limit the left hand pane to limit the display to container objects.

Schema History
Updated to support the following schema changes:
Exchange 2013 RTM, CU1, CU2, CU3, SP1, CU5, CU6, CU7

Site Browser
Updated upstream and downstream replication partners view to include AD site of the DC.
Updated to include validate function on the servers view to test servers are available.

Last Logon
Updated to support Windows 7/8/2008/2012 logon events.
Updated to support unlock and new credential logon types.
Updated to display more event details.
The list of DCs is limited to the DCs in the same domain context as the user.

Locked Accounts
Updated view to include samaccountname and DN.
Updated context allow Last Logon for selected item.

User Details or Search
Renamed option to Search to better reflect its function.
Updated with column sort.
Updated logic around the GC selection in case of DNS issues.
Updated GC find logic to support both domain and server resolution.
Updated context Use With menu to include Attribute Replication.

DC Resolution
Added option to limit the DC returned to the DC in the same domain context as the specified server.
Updated so if the dnsHostName entry is not found for the name, the name is used.  This is to allow port scanning of devices that are not DCs and not IP addresses.
Updated to allow user specified ICMP time out.
Updated to allow user specified IP TTL on port scans.

WINS Lookup
Improved text entry logic so previous commands can be entered again by pressing enter on the previous command.

General
Updated error reporting on the AD Properties dialog.
Updated a number of internal functions to use LDAP APIs instead of the slower ADSI APIs.

DecodeType list:
    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary list
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_ABS - Display the absolute name of the SID
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    X400 - Display only x400 entries
    X500 - Display only x500 entries

NetTools v1.19.8

Meta Data Dialog
Added column sort

DsGetDcName
Added option for DS Version 8

LDAP Search
Defined LastSetTime, PriorSetTime, msDS-UserPasswordExpiryTimeComputed as 64TIME
Bug fix - Updated favorites list so schemaupdates is not displayed
Bug fix - DecodeType debug string now works for all DecodeTypes

LDAP Browser
Added Meta Data option to the context menu
Fixed bug where user defined decodes were not honoured

Schema Version
Updated to support Windows 2012R2 forest and domain versions
Schema History
Updated to support the following schema changes:

Cisco Unity 4
Cisco Unity Contact Center
Cisco Call Manager
Solgenia Facsys Fax/Routing Suite
Server For Unix
Server For Unix v3.0
Exchange Unified Messaging
Exchange 2010SP1
Quest ActiveRoles

DC Resolution
Removed the dependency on a domain lookup to allow Port scans on IP addresses for machines that are not a DC

User Details
Added option to use GC for foreign object that are not in the default NC of the selected domain controller, this is to help performance when accessing objects in domains that might not be in the same site. The GC will be used for all dialogs. The AD Properties dialog will be display a warning when a GC is being used as group members is not consistent when using a GC
Updated to include scope option when the GC is used, this allows the scope to be limited to a particular NC or to overcome search issues when the forest has a non-contiguous name space
Added option to manage groups from context menu.
            Token Size
Updated to include a base DN option to allow a specific DN to be searched, if blank it will search the default DN of the selected domain controller

DecodeTypes list:
    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary list
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary  x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    X400 - Display only x400 entries
    X500 - Display only x500 entries

NetTools v1.19.0

LDAP Performance
Added support for SSL LDAP connections

LDAP Search
Attribute DecodeType Manager – the ability to manage the DecodeType assigned to attributes.  There is a new button at the end of the Attribute field to open the DecodeType manager  ** New **
Added HEX DecodeType **New **
Added GUID_RAW DecodeType ** New **
Added GUID_LDAP DecodeType ** New **
Added ParentDN DecodeType  which returns the parent DN from the DistinguishedName attribute, only CN and OU parents are currently supported ** New **
Updated certificate verification options:

Verify Certs       Display Results              Behavior
Not selected      N\A                               No verification is performed, a certificate with errors will be accepted and the search performed
Selected            Not Selected                  The Microsoft standard certificate verification is performed, this normally doesn’t include a revocation test.  The search will only be performed if the certificate is valid.
Selected            Selected                        Extended verification process is used, this will verify the certificate and revocation for the full certificate chain and results will be displayed.  The search will only be completed if the whole certificate chain is valid.

Improved the column redraw speed in Table Input mode
DNS Record DecodeType updated to display the tombstone time and date for a deleted record
Added Regular expression filter to the display filter

<Attribute[;Type]> <Operator> <[Value][List Name]> [Logical Operator] [condition2] [Logical Operator] [condition3] [...]
     Operator           The comparison operator, supported operators are:
                   ==        Equal
                   !=         Not Equal
                   >=        Greater than or equal
                   <=        less than or equal
                   >          Greater than
                   <          Less than
                   ##        In list (exact match)
                   !#         Not in list (exact match)
                   %%      Contains item from list
                   !%        Does not contain item from list
                   Regx    Provide Regular Expression matching on the attribute

Example: name regx ^[sS][a-z]*

LDAP Browser
To increase the performance of browsing LDAP over an SSL connection and bypass certificate errors, updated not to perform any certificate verification testing on connecting
A new context menu to define the DecodeType for attributes ** New **

DCs in Sites
Updated so that resolution of the DC’s IP address is optional

User’s Groups
Updated to also display the group scope for each group

DecodeType list:
    DEFAULT - ASCII
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    FILETIME - Win32 File Date & Time Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    64DATE - Win32 64bit Date Format
    HEX - Display a number if Hex format
    PARENTDN - Returns the parent container of the distinguishedName
    GUID – Windows COM GUID format
    GUID_RAW – hex GUID format
    GUID_LDAP – returns the LDAP search filter format
    SID - Display Security Identifier in text form
    SID_REL - Display the relative name of the SID
    RIDPOOL - RID Pool Allocations
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    ATTRIBENUM - predefined enumerate
    DSA_SIG - DSA Signature
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    TRANSPORT_OPT - Returns the options for the Options of transport container
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    SD - Security Descriptor in SDDL format
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    BIN - Binary list
    SIZE - The size of the data returned
    COUNT - Returns the number of entries in the attribute
    DNSRECORD - DNS entries
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.DATA - return only the data field
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    DNSPROPERTY - DNS Properties entries
    CERT - Certificates
    CRL - Certificate Revocation List
    PWDSEC - Password secounds
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    PERIOD - Certificate renewal period
    SMTP - Display only smtp entries
    X400 - Display only x400 entries
    X500 - Display only x500 entries
    PSMTP - Display primary smtp entry
    PX400 - Display primary  x400 entry
    PX500 - Display primary x500 entry

NetTools v1.18.3

Mail Conflicts  **New**
A new test that is useful for diagnosing Quest DirSync 0xaa0000a7 errors.  The test will check if the mail addresses assigned to the source object already exists on objects in the target domain.  These conflicts stop Quest from merging\migrating mail enabled objects

Mail Unique  **New**
A test to confirm that the mail details of an object are unique in the same forest.  Just paste a list of samaccountnames of objects and check Go.  Any duplicates will be displayed

DC Updates
Now has the option to limit which DC are display and monitored based on the domain context
Added current time from each DC to show if DCs are in time sync

LDAP Search
Added option to specify the number of items returned per page query
Added new UTC options for 64time, gtftime decodes
Added 64Date back as it disappeared for some reason
Filter help updated with the substitution options
Added Reset button to set the options to the default settings
Added decodes for msFVE-KeyPackage, msFVE-RecoveryGuid, and msFVE-VolumeGuid
Added decodes for proxyaddresses, these are more display filters than decodes types, only the specified entries are displayed. SMTP, X400, X500, By using the P options only the primary entry (upper case) is displayed PSMTP, PX500, PX400

LDAP Browser
Fixed bug in the user defined columns not being displayed correctly
Updated the context menu to support LDAP Search updates

LDAP Performance
Disabled referrals on one level search so sub domains don’t impact the test results
Added stop button
Added option to purge Kerberos tickets between test to test the authentication process on each pass

AD Properties
Computer objects now includes the account logon details tab

User Details
Changed the context menu to include Use with, so search results can be piped to other tests in NetTools

General
Fixed bug in ini file read\write functions, so the ini file is only updated in the startup directory
Manage List ** New ** context menu option to manage dropdown lists

DecodeType list:
    DEFAULT - ASCII
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    FILETIME - Win32 File Date & Time Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    64DATE - Win32 64bit Date Format
    GUID - Windows GUID
    SID - Display Security Identifier in text form
    SID_REL - Display the relative name of the SID
    RIDPOOL - RID Pool Allocations
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    ATTRIBENUM - predefined enumerate
    DSA_SIG - DSA Signature
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    TRANSPORT_OPT - Returns the options for the Options of transport container
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    SD - Security Descriptor in SDDL format
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    BIN - Binary list
    SIZE - The size of the data returned
    COUNT - Returns the number of entries in the attribute
    DNSRECORD - DNS entries
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.DATA - return only the data field
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    DNSPROPERTY - DNS Properties entries
    CERT - Certificates
    CRL - Certificate Revocation List
    PWDSEC - Password secounds
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    PERIOD - Certificate renewal period
    SMTP - Display only smtp entries
    X400 - Display only x400 entries
    X500 - Display only x500 entries
    PSMTP - Display primary smtp entry
    PX400 - Display primary  x400 entry
    PX500 - Display primary x500 entry

NetTools v1.17.4

Schema History
Updated to support IBM Tivoli Storage Manager, Forefront TMG, HP Openview Configuration Manager

Schema Browser
Updated to include AttributeID OID
Now uses paged queries to support larger schemas

LDAP Browser
Updated to show the approximate number of objects in a container, if it is filtered

LDAP Search
Added decode for NTMixedDomain attribute

Site DC List
Updated to use a separate thread to improve screen updates on slow WAN networks

Replication Cursors
Updated to display the USN of the destination DC, with a delta to show how many updates are still waiting to be replicated

NetTools v1.17.0

RID Pool **New**
Displays the allocated RID for each domain controller in the selected domain

LDAP Search
Updated with new cleaner UI to allow larger viewable area
Updates to increase attribute decode performance
Updated the filter substitution options on the LDAP filter field to support a hex option i.e. (&(objectclass=group)(grouptype|={hex:0x8000002}))
New DecodeType for RIDAllocationPool, RIDPreviousAllocationPool, RIDAvailablePool,
New 64Date GTDATE decodes to return the date only
Fixed bug with 64TIME decoder
Updated Sort option to support multiple sort attributes.  While NetTools now supports multiple sort attributes, AD\LDS only supports a single sort attribute, if more than one attribute is specified a not supported control error is returned
Added timer to display how long the query has taken to execute
Certificate revocation updated to support Windows 2012 option and support for KB2661254, weak keys
Added support for connection to LDAP server using UDP (CLDAP) protocol. CLDAP only supports anonymous authentication type and must be set manually
Updated attribute help with the SID_REL decode which was missing
Updated to decode an object’s metadata details as an attributes:
     Meta.<Type>.<Attribute>
Type:    ver        Version number
            lusn      Local USN
            ousn     Originating USN
            time      Originating Time
            dc         Originating DC
Attribute: the name of the attribute
    e.g. meta.ver.objectclass, meta.ousn.cn

AD Browser
Updated to have three pane view, displays the tree structure, child objects of the selected object, and the attributes of the select object
Fixed intermittent issue that caused the browser to close the open LDAP server connection

Schema Versions
Updated to support Windows 2012, Windows 2008R2 TPM, Exchange 2010 SP3, Exchange 2013, Lync 2013 and FIM 2010R2 PCNS

Schema History
Updated to support Windows 2012, Windows 2008R2 TPM, Exchange 2010 SP3, Exchange 2013, Lync 2013 and FIM 2010R2 PCNS

Attributes dialog
Updated to support double click to display individual entries

AD Properties Dialog
Updated the included Password not required option
Fixed bug where Members tab was shown for all object types

SDProd
Updated to protect against circular group references, now has a hard coded limit of 100 nested groups

DecodeType List:
    DEFAULT - ASCII
    GTFTIME - Generalized Date & Time Format
    GTDATE - Generalized Date Format
    FILETIME - Win32 FileTime Format
    64TIME - Win32 64bit Date & Time Format
    64DATE - Win32 64bit Date Format
    GUID - Windows GUID
    RIDPOOL – RID pool allocations
    SID - Security Identifier
    SID_REL - Displays the relative name for a Security Identifier
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    ATTRIBENUM - predefined enumerate
    DSA_SIG - DSA Signature
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    TRANSPORT_OPT - Returns the options for the Options of transport container
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    SD - Security Descriptor in SDDL format
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    BIN - Binary list
    SIZE - The size of the data returned
    COUNT - Returns the number of entries in the attribute
    DNSRECORD - DNS entries
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.DATA - return only the data field
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    DNSPROPERTY - DNS Properties entries
    CERT - Certificates
    CRL - Certificate Revocation List
    PWDSEC - Password secounds
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    PERIOD - Certificate renewal period

NetTools v1.16.0

AD Properties dialog
Updated to support copy option in all list fields
Double clicking on foreign security principals in member and memberof now opens the properties of that object
Added Mail nickname attribute to Exchange tab
Added account tab to computer objects

AD Subnets
Added paste option so multiple IP addresses can be resolved

DC Resolution
Fixed bug where the stop button was not displayed if an IP address is used for a manually entered server name.
Fixed bug in the port scan that prevented multiple copies of NetTools from doing scans

Group Members
Added status bar to display which group is currently being enumerated
Updated to resolve foreign security principals
Column sort
Now uses individual queries to resolve group membership a bit slow than ASQ but nested groups from trusted domains are displayed

LDAP Browser
Right pane will now display objects requiring additional server side LDAP controls, i.e. deleted objects

LDAP Search
Decodes updated with Windows Server 2012 details
Bit operator substitution updated to support multiple entries
Dropdown list fields now have auto save when up or down keys are pressed, just for those typo moments
Added decodes for Options attribute for the SiteLink, nTDSConnection, nTDSDSA, interSiteTransport, nTDSSiteSettings.  Due the same attribute name being used for all objects, the Options attribute will not be decoded by default.  However, if the attribute list contains the objectclass attribute before Options, the correct decode will be selected automatically.
DNSRECORD decode now has sub options to allow DNS record field decodes to be displayed
Bug fix – Input mode, Insert option now adds columns if no columns displayed
Bug fix – now displays correct output when single line and hex options are selected
Replication Latency
Fixed bug where the test wouldn’t finish if one or more servers fail

Site Browser
Updated to include Downstream replication partners
Updated to show automatically generated connectors
Updated to include Connection Options

User’s Groups
Added copy options

User Details
Added view Meta Data option to the context menu

General
Update left pane list so items are in alphabetic order for each section

DecodeType List:
    DEFAULT - ASCII
    GTFTIME - Generalized Time Format
    FILETIME - Win32 FileTime Format
    64TIME - Win32 64bit Time Format
    GUID - Windows GUID
    SID - Security Identifier
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    ATTRIBENUM - predefined enumerate
    DSA_SIG - DSA Signature
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    TRANSPORT_OPT - Returns the options for the Options of transport container
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    SD - Security Descriptor in SDDL format
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    BIN - Binary list
    SIZE - The size of the data returned
    COUNT - Returns the number of entries in the attribute
    DNSRECORD - DNS entries
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.DATA - return only the data field
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    DNSPROPERTY - DNS Properties entries
    CERT - Certificates
    CRL - Certificate Revocation List
    PWDSEC - Password secounds
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    PERIOD - Certificate renewal period