NetTools Basics

NetTools has a number of common features which are used throughout the program. This post provides details on some of these features.

Option or test Linking
For a number of the tests, the output can be used as the input for other tests and options. Select the corresponding output entry and right click; the context menu will display the linking options.  The Search option has a number of linking options that are displayed under the use with sub menu.

Copy and Paste
The outputs from the tests can be copied into other functions in NetTools or to external programs.  The Copy and Paste options are displayed in the right click context menus. For table views it's possible to copy the data in a single column, the line, or the entire table. When the copy column option is selected, the mouse position when the right click is pressed is used to define which column will be selected.  For text based output fields it's possible to copy the text as with standard copy and pasting.  The Copy to new window option will copy the contents of the view to a new popup window.

Server Lists
In most of the options there is a server or domain entry field, which is a dropdown list.  The right click context menu lets you save the current name and also manage the lists.  A separate list is used based on the entry field name, i.e. Server, Domain, LDAP filters etc.

Server and Domain Fields
The server and domain fields are optional; by default NetTools will use the domain information of the computer that is running NetTools.  By default the server name will be the name returned by the DsGetDcName API.  For the domain field, the name of the domain of the machine running NetTools will be used.

Credentials
By default NetTools will run in the context of the session that is running NetTools.  It's possible to use the RunAs option to use a different account with elevated permissions. Some of the options have an option to use the credentials that are provided in the LDAP Search option.

Messages\Results pane
On most options there is a lower pane, which is used to display any errors or status reports from the execution.

NetTools saved configuration
NetTools uses a single configuration file called NetTools.ini, which is used to save any user defined configuration or saved lists.  NetTools will try to read the configuration from the same location that the exe was executed from.

LDAP Search – LDAP Filter Wizard

The LDAP Filter Wizard provides the ability to display and edit LDAP filters in a hierarchical view. 

The LDAP Filter Wizard provides the following features:

      • Drag and drop to move items around
      • Insert new operators and conditions
      • Change existing operators and conditions
      • Selection of classes and Attributes from dropdown list
LDAP Filter Wizard

The Operators, AND, OR, NOT, and Filter, have a dual function: one to show the operation of the currently selected item, and two to select the operation for the New and Change operations.  When the New Parent or New Child button is pressed, the new item will be added based on the selected Operator.  When the Change button is pressed, the selected item will change to the selected Operator.  With the Filter Operator you can select the required attribute or class from the dropdown list; additional text can be added to complete the condition before the item is added.

The Delete button will delete all items under the selected item.  If you wish to preserve any of the items under the selected item, they must be moved to another point in the filter before the item is deleted.

If you click twice on an item in the hierarchical view you can edit the text.

The MS LDAP API and NetTools will expect either fully compliant RFC4515 Not statements or abbreviated ones.  With RFC4515 the Not statement must be constructed as (!(condition)), e.g. (!(objectclass=user)), while the MS LDAP API will expect the abbreviated form (!condition), e.g. (!objectclass=user).  When the RFC4515 option is selected the wizard will return compliant Not statements.  The LDAP Filter Wizard is able to read both formats.

The example shown is using a number of the substitution options, see LDAP Search Substitution
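
The two Not forms described above matter when a filter built in NetTools is pasted into a client that follows RFC 4515 strictly. The sketch below is an added example, not NetTools code: the function names are hypothetical, and it assumes filter values carry no raw parentheses (RFC 4515 requires them to be escaped).

```python
import re


def check_balanced(flt: str) -> None:
    """Reject filters whose parentheses do not pair up."""
    depth = 0
    for pos, ch in enumerate(flt):
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            raise ValueError(f"unexpected ')' at offset {pos}")
    if depth != 0:
        raise ValueError("unbalanced parentheses in filter")


def to_rfc4515_not(flt: str) -> str:
    """Rewrite every abbreviated (!cond) as the RFC 4515 form (!(cond))."""
    check_balanced(flt)
    out, i, n = [], 0, len(flt)
    while i < n:
        # "(!" followed by anything but "(" is the abbreviated form.
        if flt.startswith("(!", i) and i + 2 < n and flt[i + 2] != "(":
            end = flt.index(")", i + 2)   # a simple condition ends at the next ')'
            if end == i + 2:
                raise ValueError(f"empty Not condition at offset {i}")
            out.append("(!(" + flt[i + 2:end] + "))")
            i = end + 1
        else:
            out.append(flt[i])
            i += 1
    return "".join(out)


# (!(cond)) where cond is a single condition: no nested parentheses and
# not starting with an operator.
_SIMPLE_NOT = re.compile(r"\(!\(([^()&|!][^()]*)\)\)")


def to_abbreviated_not(flt: str) -> str:
    """Inverse direction: collapse (!(cond)) to (!cond) for single conditions."""
    check_balanced(flt)
    return _SIMPLE_NOT.sub(r"(!\1)", flt)


# The page's own example plus a constructed nested filter.
PAGE_EXAMPLE = "(!objectclass=user)"
NESTED_EXAMPLE = "(&(objectclass=user)(!(|(cn=a)(!cn=b))))"

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, NESTED_EXAMPLE):
        print(sample, "->", to_rfc4515_not(sample))
```

A Not that wraps an AND or OR group is already in the compliant form and is left unchanged in both directions.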

LDAP Search – Static DecodeTypes

NetTools has a number of static DecodeTypes; this is the list of attributes that are defined.  See DecodeTypes for more information.

accountExpires DYN_DECODE_64TIME
aelita-Amm-SourceGUID DYN_DECODE_GUID
aelita-Amm-SourceSID DYN_DECODE_SID
aelita-Amm-TargetGUID DYN_DECODE_GUID
aelita-Amm-TargetSID DYN_DECODE_SID
attributeCertificateAttribute DYN_DECODE_CERT
attributeSecurityGUID DYN_DECODE_GUID
attributeSyntax DYN_DECODE_ATTRIBENUM
badpasswordtime DYN_DECODE_64TIME
cacertificate DYN_DECODE_CERT
certificateRevocationList DYN_DECODE_CRL
createtimestamp DYN_DECODE_GTFTIME
creationtime DYN_DECODE_64TIME
currenttime DYN_DECODE_GTFTIME
deltaRevocationList DYN_DECODE_CRL
dnsproperty DYN_DECODE_BINARY
dnsrecord DYN_DECODE_DNSRECORD
domainControllerFunctionality DYN_DECODE_ATTRIBENUM
domainFunctionality DYN_DECODE_ATTRIBENUM
dsasignature DYN_DECODE_BINARY
dSASignature DYN_DECODE_DSA_SIG
dSCorePropagationData DYN_DECODE_GTFTIME
forestFunctionality DYN_DECODE_ATTRIBENUM
grouptype DYN_DECODE_ATTRIBENUM
IndSS-ActualDate DYN_DECODE_64DATE_UTC
IndSS-PlannedDate DYN_DECODE_64DATE_UTC
IndSS-TaskLastRun DYN_DECODE_64TIME_UTC
instancetype DYN_DECODE_ATTRIBENUM
Invocationid DYN_DECODE_GUID
lastLogon DYN_DECODE_64TIME
lastLogonTimestamp DYN_DECODE_64TIME
lockoutDuration DYN_DECODE_PWDSEC
lockOutObservationWindow DYN_DECODE_PWDSEC
lockoutTime DYN_DECODE_64TIME
lockoutTime DYN_DECODE_64TIME
maxPwdAge DYN_DECODE_PWDSEC
minPwdAge DYN_DECODE_PWDSEC
minPwdAge DYN_DECODE_PWDSEC
modifytimestamp DYN_DECODE_GTFTIME
msDFS-TargetListv2 DYN_DECODE_UNICODE
msds-behavior-version DYN_DECODE_ATTRIBENUM
mS-DS-ConsistencyGuid DYN_DECODE_GUID
msDS-LockoutDuration DYN_DECODE_PWDSEC
msDS-LockoutObservationWindow DYN_DECODE_PWDSEC
msDS-MaximumPasswordAge DYN_DECODE_PWDSEC
msDS-MinimumPasswordAge DYN_DECODE_PWDSEC
msDS-TrustForestTrustInfo DYN_DECODE_MSTRUST
msds-user-account-control-computed DYN_DECODE_ATTRIBENUM
msDS-UserPasswordExpiryTimeComputed DYN_DECODE_64DATE_UTC
msExchMailboxGuid DYN_DECODE_GUID
msExchMailboxSecurityDescriptor DYN_DECODE_SD
msExchMasterAccountSid DYN_DECODE_SID
msexchomaadminwirelessenable DYN_DECODE_ATTRIBENUM
msExchRecipientDisplayType DYN_DECODE_ATTRIBENUM
msExchRecipientTypeDetails DYN_DECODE_ATTRIBENUM
msExchSafeSendersHash DYN_DECODE_BINARY
msexchuseraccountcontrol DYN_DECODE_ATTRIBENUM
msFVE-KeyPackage DYN_DECODE_BINARY
msFVE-RecoveryGuid DYN_DECODE_GUID
msFVE-VolumeGuid DYN_DECODE_GUID
ms-Mcs-AdmPwdExpirationTime DYN_DECODE_64DATE_UTC
msMQDigests DYN_DECODE_BINARY
mSMQSignCertificates DYN_DECODE_BINARY
mspki-certificate-name-flag DYN_DECODE_ATTRIBENUM
mspki-enrollment-flag DYN_DECODE_ATTRIBENUM
mspki-private-key-flag DYN_DECODE_ATTRIBENUM
msrtcsip-archivedefaultflags DYN_DECODE_ATTRIBENUM
msrtcsip-archivingenabled DYN_DECODE_ATTRIBENUM
msrtcsip-archivingserverversion DYN_DECODE_ATTRIBENUM
msrtcsip-enablefederation DYN_DECODE_ATTRIBENUM
msrtcsip-meetingflags DYN_DECODE_ATTRIBENUM
msrtcsip-optionflags DYN_DECODE_ATTRIBENUM
msRTCSIP-OriginatorSid DYN_DECODE_SID
msrtcsip-poolfunctionality DYN_DECODE_ATTRIBENUM
msrtcsip-pooltype DYN_DECODE_ATTRIBENUM
msrtcsip-poolversion DYN_DECODE_ATTRIBENUM
msrtcsip-serverversion DYN_DECODE_ATTRIBENUM
msrtcsip-sourceobjecttype DYN_DECODE_ATTRIBENUM
msrtcsip-trustedserverversion DYN_DECODE_ATTRIBENUM
msrtcsip-ucflags DYN_DECODE_ATTRIBENUM
msRTCSIP-UserRoutingGroupId DYN_DECODE_GUID
mSSMSRangedIPHigh DYN_DECODE_IP_W
mSSMSRangedIPLow DYN_DECODE_IP_W
ntmixeddomain DYN_DECODE_ATTRIBENUM
ntsecuritydescriptor DYN_DECODE_SD
objectclasscategory DYN_DECODE_ATTRIBENUM
ObjectGUID DYN_DECODE_GUID
ObjectSID DYN_DECODE_SID
omobjectclass DYN_DECODE_BEROID
oMSyntax DYN_DECODE_ATTRIBENUM
pkidefaultkeyspec DYN_DECODE_ATTRIBENUM
pkiexpirationperiod DYN_DECODE_PERIOD
pkikeyusage DYN_DECODE_ATTRIBENUM
pkioverlapperiod DYN_DECODE_PERIOD
pktGUID DYN_DECODE_GUID
pwdLastSet DYN_DECODE_64TIME
pwdproperties DYN_DECODE_ATTRIBENUM_NONUM
replPropertyMetaData DYN_DECODE_BINARY
repluptodatevector DYN_DECODE_BINARY
replUpToDateVector DYN_DECODE_REPL_UTDV
repsfrom DYN_DECODE_BINARY
repsfrom DYN_DECODE_REPSINFO
repsto DYN_DECODE_BINARY
repsto DYN_DECODE_REPSINFO
ridallocationpool DYN_DECODE_RIDPOOL
ridavailablepool DYN_DECODE_RIDPOOL
ridpreviousallocationpool DYN_DECODE_RIDPOOL
samaccounttype DYN_DECODE_ATTRIBENUM
schemaFlagsEx DYN_DECODE_ATTRIBENUM
schemaIDGUID DYN_DECODE_GUID
sdrightseffective DYN_DECODE_ATTRIBENUM
searchflags DYN_DECODE_ATTRIBENUM
securityIdentifier DYN_DECODE_SID
sidhistory DYN_DECODE_SID
supportedcapabilities DYN_DECODE_ATTRIBENUM
supportedcontrol DYN_DECODE_ATTRIBENUM
supportedextension DYN_DECODE_ATTRIBENUM
systemflags DYN_DECODE_ATTRIBENUM
tokengroups DYN_DECODE_SID
tokenGroupsGlobalAndUniversal DYN_DECODE_SID
tokenGroupsNoGCAcceptable DYN_DECODE_SID
trustattributes DYN_DECODE_ATTRIBENUM
trustdirection DYN_DECODE_ATTRIBENUM
trusttype DYN_DECODE_ATTRIBENUM
useraccountcontrol DYN_DECODE_ATTRIBENUM
userCertificate DYN_DECODE_CERT
userparameters DYN_DECODE_BINARY
userSMIMECertificate DYN_DECODE_CERT
validaccesses DYN_DECODE_ATTRIBENUM
WhenChanged DYN_DECODE_GTFTIME
Whencreated DYN_DECODE_GTFTIME
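
What decoding means for three of the types in this list, as an added example rather than NetTools code: it assumes DYN_DECODE_64TIME, DYN_DECODE_SID and DYN_DECODE_GUID correspond to the standard Active Directory encodings (64-bit FILETIME, binary SID, little-endian GUID), and the function names and sample values are constructed for illustration.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 0x7FFFFFFFFFFFFFFF)  # both values mean "never" for accountExpires


def decode_64time(value):
    """100 ns ticks since 1601-01-01 UTC -> aware datetime, None for 'never'."""
    ticks = int(value)
    if ticks in NEVER:
        return None
    if ticks < 0:
        raise ValueError("negative 64-bit time")
    try:
        return EPOCH_1601 + timedelta(microseconds=ticks // 10)
    except OverflowError as exc:
        raise ValueError("64-bit time out of range") from exc


def decode_sid(raw: bytes) -> str:
    """Binary SID -> S-R-A-S1-S2... string, with length validation."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])      # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def decode_guid(raw: bytes) -> str:
    """16-byte GUID as stored in AD (first three fields little-endian)."""
    if len(raw) != 16:
        raise ValueError("GUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=bytes(raw)))


# A small subset of the page's attribute list, keyed in lower case.
DECODERS = {
    "accountexpires": decode_64time,
    "lastlogontimestamp": decode_64time,
    "pwdlastset": decode_64time,
    "objectsid": decode_sid,
    "sidhistory": decode_sid,
    "objectguid": decode_guid,
}


def decode_attribute(name: str, raw):
    """Decode a raw LDAP value if the attribute has a decoder, else pass through."""
    decoder = DECODERS.get(name.lower())
    return decoder(raw) if decoder else raw


# Constructed sample values (not taken from any real directory).
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1004336348, 1177238915, 682003330, 512))
SAMPLE_GUID = bytes(range(16))

if __name__ == "__main__":
    print(decode_attribute("ObjectSID", SAMPLE_SID))
    print(decode_attribute("ObjectGUID", SAMPLE_GUID))
    print(decode_attribute("lastLogonTimestamp", b"133485408000000000"))
    print(decode_attribute("accountExpires", "9223372036854775807"))
```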

Dynamic & Sort Attributes Options

The Dynamic and Sort Attributes options control how attributes are decoded and sorted in the LDAP Search table view.

When the Dynamic Attributes option is selected, before the user query is run, NetTools will query the Schema for all attributes that match the following criteria:

  • Attributes that have an Attribute Syntax of 2.5.5.12 (Sec-Desc); the decode type is set to DYN_DECODE_SD for these attributes
  • Attributes that have an Attribute Syntax of 2.5.5.17 (SID); the decode type is set to DYN_DECODE_SID for these attributes
  • Attributes that have an Attribute Syntax of 2.5.5.11 (Generalized Date); the decode type is set to DYN_DECODE_GTFTIME for these attributes
  • Attributes that have an Attribute Syntax of 2.5.5.10 (Octet), a fixed length of 16 and a name that contains GUID; the decode type is set to DYN_DECODE_GUID for these attributes

If the Sort Attributes option is also enabled, the following additional decode types will be set. This is to support the correct sorting of attribute data in the table view.

  • Attributes that have an Attribute Syntax of 2.5.5.16 (Large-integer) will be set to a decode type of DYN_DECODE_LARGEINT
  • Attributes that have an Attribute Syntax of 2.5.5.9 (Integer) will be set to a decode type of DYN_DECODE_INT

Attributes that have their DecodeType set by this process are shown in the Define Decode dialog with a type of Dynamic.

Having both options selected does result in more data being downloaded from the server. If the server is at the end of a slow link, deselecting these options will increase the speed, but at the cost of functionality.

LDAP Search – Populate

The LDAP Search Populate button is used to load a number of configuration options from the server; these details are then used to enable a number of other features in LDAP Search. This article provides the details of the features that are enabled.  The Populate button is shown below.

Server Bar

When the button is pressed the RootDSE for the server is retrieved and the following details are populated.

  • Sets the ##default, ##config, and ##schema variables with the corresponding naming contexts. See LDAP Search Favorites
  • Sets the server field to the server that provided the RootDSE
  • Sets the BaseDN field to the default naming context in the RootDSE; if the server is not AD, this will be set to the first non Configuration based NC
  • Instantiates the LDAP API so filter validation is enabled
  • If the Auto Complete option is enabled, the complete list of attributes is also downloaded from the server and the Attribute List button is enabled
  • The complete list of Attributes and classes are available in the LDAP Filter Wizard

LDAP Session Option

The LDAP Session dialog provides the ability to set the session parameters. The dialog displays the available options which can be configured and set.  By double clicking on the option a configuration dialog is displayed to allow the option to be set.  The checkbox next to the option must be selected for the option to be used when the query is run.  Details of the session options can be found here 

LDAP Sessions

The LDAP_OPT_REFERRALS option is also controlled by the Chase Referrals option under Misc Options in the More options.

The dialog also has two additional options to configure whether the dialog is displayed after a query is executed.  When the dialog is displayed after the query has been run, it will display the current state of the LDAP connection.  This includes any error details that are returned by the server. If only the Display Option on failure option is selected, the dialog will only be displayed if an error is returned by the server.

SDProp

The SDProp option provides the ability to report which accounts are protected by the SDProp\AdminSDHolder process.  It will show which group or group inheritance has resulted in the user account being included and which accounts have been orphaned by the process.  Some details on the process can be found here and here.

NetTools will display the user objects that have the AdminCount set to 1 and the associated group memberships that triggered the user to be covered by the process.  This option also provides the ability to reset user accounts, by enabling ACL inheritance and clearing the AdminCount attribute.  To use this option, select Reset AdminCount & ACL Inheritance and then click Go again.

SDProp

One of the issues with the SDProp process is that once a user is removed from a protected group, the SDProp process doesn't re-enable SD inheritance, and as such the account is orphaned.  The screenshot above shows two users, User1 and User2. User1 is a member of Domain Admins and Administrators, and as such the account will have the AdminSDHolder permissions enforced when the SDProp process is run. User2, on the other hand, is not a member of any protected groups and is now orphaned.
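
The classification described above (protected through a group chain versus orphaned) can be reproduced from exported directory data. This is an added example, not NetTools code: the function names and sample memberships are constructed, and groups are matched by name for readability where a real audit would match on SIDs.

```python
from collections import deque

# Default AdminSDHolder-protected groups, by name (assumption: English
# names, default set not narrowed via dsHeuristics).
PROTECTED_GROUPS = frozenset({
    "Account Operators", "Administrators", "Backup Operators",
    "Domain Admins", "Domain Controllers", "Enterprise Admins",
    "Print Operators", "Read-only Domain Controllers", "Replicator",
    "Schema Admins", "Server Operators",
})

# Constructed sample: principal -> groups it is a direct member of.
SAMPLE_MEMBER_OF = {
    "user1": {"Domain Admins"},
    "user2": {"Helpdesk"},
    "user3": {"Tier0-Ops"},
    "Domain Admins": {"Administrators"},
    "Tier0-Ops": {"Backup Operators", "Ops-All"},
    "Ops-All": {"Tier0-Ops"},            # nesting loop, must not hang the walk
}
SAMPLE_ADMINCOUNT = {"user1", "user2", "user3"}   # users with adminCount=1


def protection_paths(principal, member_of, protected=PROTECTED_GROUPS):
    """Walk memberOf upwards (breadth first) and return
    {protected group: chain of groups leading to it}."""
    paths = {}
    seen = set()
    queue = deque((g, [g]) for g in sorted(member_of.get(principal, ())))
    while queue:
        group, chain = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        if group in protected:
            paths[group] = chain
        for parent in sorted(member_of.get(group, ())):
            if parent not in seen:
                queue.append((parent, chain + [parent]))
    return paths


def audit_admincount(admincount_users, member_of, protected=PROTECTED_GROUPS):
    """Classify every adminCount=1 user as 'protected' or 'orphaned'."""
    report = {}
    for user in sorted(admincount_users):
        paths = protection_paths(user, member_of, protected)
        report[user] = ("protected" if paths else "orphaned", paths)
    return report


if __name__ == "__main__":
    for user, (status, paths) in audit_admincount(
            SAMPLE_ADMINCOUNT, SAMPLE_MEMBER_OF).items():
        chains = "; ".join(" -> ".join(c) for c in paths.values()) or "-"
        print(f"{user:6} {status:10} {chains}")
```

Accounts reported as orphaned are the candidates for the reset described above; accounts reported as protected will have the AdminSDHolder ACL re-applied at the next SDProp run.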

While it's possible to reset the permissions, there is currently no option to trigger the SDProp process, so the correct permissions will only be re-applied to the required user accounts when SDProp next runs, which could be as long as 60 minutes.  Below is an LDAP Search favorite Update Query that will trigger the SDProp process if run against the PDC of the domain, using the RunProtectAdminGroupsTask RootDSE Modify Operation.  The details are here

[Trigger SDProp]
Options=880098929149517
Server=
BaseDN=NULL
Filter=(objectclass=*)
Attributes=RunProtectAdminGroupsTask==1
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

 

Kerberos Tickets

The Kerberos Tickets option provides the same features as the klist utility, plus a few extra options.

Kerberos

The Refresh button will display the current Kerberos tickets assigned to the current user context. The Purge All button will delete all the currently assigned Kerberos tickets. Individual Kerberos tickets can be purged by using the context menu.  The Request option allows you to request a Kerberos ticket based on the entered SPN. The SPN must be entered in the correct format, e.g. cifs/testad. When the Request button is pressed the SPN is passed to the KDC to be fulfilled; if successful, the new ticket will be displayed in the list.

The details of the Flags attribute of an individual ticket can be displayed by double clicking on the ticket or selecting Properties from the context menu.

Kerberos Flags

The Kerberos Ticket option also includes the ability to read the Kerberos tickets assigned to other sessions running on the host.  The ... button will list all the sessions currently active; selecting a session will display the tickets.  Viewing the details of other sessions requires the Act as part of the Operating System right.

Kerberos Sessions

Site Browser

Site Browser provides the ability to browse the site configuration including servers, replication partners, IP subnets, naming contexts, query policy, site links, site coverage, link costs.  This information is presented in three branches of a tree view: Sites, Site Links and Subnets.

The Sites branch lists the sites that are defined in the AD.  Each Site includes a number of items, below is a picture of the standard items.

Site Browser

The Servers leaf lists the DCs that are located in the site. At this level it's possible to do a connectivity test against LDAP and GC services.
For each server the following items are included:

Query Policy - this will display the query policy assigned to the server, if no policy is set, the default policy is displayed
Connections - this is the upstream replication partners for the server
Downstream Partners - this lists the downstream replication partners for the server
Naming Context - this is the list of naming contexts that are provided by the server

Subnets - lists the IP subnets that are assigned to the site
Site Settings - displays the Inter Site Topology Generator, Failover, Renew, GC, and Options
Query Policy - the assigned policy for the site
Site Coverage - displays the DNS SRV records associated with the site
Site Links - displays the links for the site and the configuration of the links and which sites are associated with the site link
Link Costs - displays the sites with the associated costs and replication intervals, with the option to limit the list based on the naming context
Naming Contexts - lists the naming contexts that are available on the site

LDAP Favorites

This post provides a number of LDAP Search Favorites for common operations. Copy the text of the query and import it into the favorites; the samples will be saved in the favorites list under the name in square brackets. See Favorites for more information.

Inactive Users
Return a list of users that have not logged on in the last 60 days, excluding any accounts created in the last 60 days.

[Users - Inactive Accounts]
Options=660045
Server=
BaseDN=##default
Filter=(&(objectclass=user)(objectcategory=user)(!useraccountcontrol|=2)(|(lastlogontimestamp<={idate:now-60})(&(whencreated<={zdate:now-60})(pwdlastset=0))))
Attributes=canonicalname, samaccountname, displayname, description, pwdlastset, accountexpires, lastlogontimestamp, msExchShadowDepartment, msExchWhenMailboxCreated, msExchRecipientDisplayType, msExchRecipientTypeDetails, homeMDB
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,
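
The same inactive-accounts filter built for a standard LDAP client, as an added example (not NetTools code). It assumes {idate:now-60} expands to a 64-bit FILETIME integer, {zdate:now-60} to a GeneralizedTime string, and that |=2 is a bitwise test of the ACCOUNTDISABLE flag; the page does not state these expansions and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
BIT_AND = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND
ACCOUNTDISABLE = 0x2                 # userAccountControl flag tested by the page

# Constructed reference time so the output is reproducible.
SAMPLE_NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)


def to_filetime(dt: datetime) -> int:
    """Aware datetime -> 100 ns ticks since 1601-01-01 UTC."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime; supply a timezone")
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10


def to_generalized_time(dt: datetime) -> str:
    """Aware datetime -> GeneralizedTime as used by whenCreated."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime; supply a timezone")
    return dt.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S.0Z")


def inactive_users_filter(now: datetime, days=60) -> str:
    """RFC 4515 form of the page's 'Users - Inactive Accounts' filter."""
    # int() keeps a prompted value from smuggling filter syntax into the query.
    days = int(days)
    if days <= 0:
        raise ValueError("days must be positive")
    cutoff = now - timedelta(days=days)
    return (
        "(&(objectclass=user)(objectcategory=user)"
        f"(!(useraccountcontrol:{BIT_AND}:={ACCOUNTDISABLE}))"
        f"(|(lastlogontimestamp<={to_filetime(cutoff)})"
        f"(&(whencreated<={to_generalized_time(cutoff)})(pwdlastset=0))))"
    )


if __name__ == "__main__":
    print(inactive_users_filter(SAMPLE_NOW))
```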

Active Accounts
A simple active users query to display a list of users where the user has logged on or changed their password in the last 60 days, and any accounts that have been created in the last 60 days but where the user has not set their password yet.

[Users - Active Accounts]
Options=660036
Server=
BaseDN=##default
Filter=(&(objectclass=user)(objectcategory=user)(!useraccountcontrol|=2)(|(lastlogontimestamp>={idate:now-60})(pwdlastset>={idate:now-60})(&(whencreated>={zdate:now-60})(pwdlastset=0))))
Attributes=canonicalname, samaccountname, displayname, description, pwdlastset, accountexpires, lastlogontimestamp, msExchShadowDepartment, msExchWhenMailboxCreated, msExchRecipientDisplayType, msExchRecipientTypeDetails, homeMDB
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

Active User with user input
This query is the same as the one above, however the static 60 days used above is replaced with a prompt.  At execution time a dialog will be displayed to enter the Activity Period.  In the query the static 60 has been replaced with {userinput:Activity Period (Days)} to prompt for the value.  This substitution is used a number of times in the query but is only prompted for once, as the first response is cached and used for subsequent entries with the same label.  See Substitutions

[Users - Active Accounts Input]
Options=8590594637
Server=
BaseDN=##default
Filter=(&(objectclass=user)(objectcategory=user)(!useraccountcontrol|=2)(|(lastlogontimestamp>={idate:now-{userinput:Activity Period (Days)}})(pwdlastset>={idate:now-{userinput:Activity Period (Days)}})(&(whencreated>={zdate:now-{userinput:Activity Period (Days)}})(pwdlastset=0)))(|(accountExpires=0)(accountExpires=9223372036854775807)(accountExpires<={idate:now})))
Attributes=canonicalname, samaccountname, displayname, description, pwdlastset, accountexpires, lastlogontimestamp, msExchShadowDepartment, msExchWhenMailboxCreated, msExchRecipientDisplayType, msExchRecipientTypeDetails,accountExpires
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

Active Accounts Count
This is the same as the first active accounts query, but this doesn't display any details of the users, just the count.

[Users - Active Accounts Count]
Options=8590594628
Server=
BaseDN=##default
Filter=(&(objectclass=user)(objectcategory=user)(!useraccountcontrol|=2)(|(lastlogontimestamp>={idate:now-60})(pwdlastset>={idate:now-60})(&(whencreated>={zdate:now-60})(pwdlastset=0))))
Attributes=1.1
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

Active Accounts (More Complex)
This query builds on the queries above and includes the account expires attribute in the checking.

[Users - Active Accounts AE]
Options=8590594637
Server=
BaseDN=##default
Filter=(&(objectclass=user)(objectcategory=user)(!useraccountcontrol|=2)(|(lastlogontimestamp>={idate:now-60})(pwdlastset>={idate:now-60})(&(whencreated>={zdate:now-60})(pwdlastset=0)))(|(accountExpires=0)(accountExpires=9223372036854775807)(accountExpires<={idate:now})))
Attributes=canonicalname, samaccountname, displayname, description, pwdlastset, accountexpires, lastlogontimestamp, msExchShadowDepartment, msExchWhenMailboxCreated, msExchRecipientDisplayType, msExchRecipientTypeDetails, homeMDB
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

Disable users
This favorite is an input mode Update query which will disable the provided list of SamAccountNames. It will prompt for a change number, which will be added to the Info field of each user.  See Update Queries for more information about update queries.

Warning: This is an Update Query which will make changes to your AD once the update feature is enabled.

[Users - Disable Users]
Options=489626931805
Server=
BaseDN=##default
Filter=(samaccountname=##input)
Attributes=useraccountcontrol=|2:2, info==Account disabled as part of change {userinput:Enter Change Number}\n{attrib:info}
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

AD Tombstone Period
This query will display the current AD tombstone period for deleted\recycled objects.

[AD Tombstone Period]
Options=132677
Server=
BaseDN=CN=Directory Service,CN=Windows NT,CN=Services,##config
Filter=(objectclass=*)
Attributes=tombstonelifetime
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

AD Schema Version
This query will display the current AD schema version

[Schema Version - AD]
Options=132673
Server=
BaseDN=##schema
Filter=(objectclass=*)
Attributes=objectversion
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

Exchange Schema Version
This query will display the current exchange schema version.

[Schema Version - Exchange]
Options=132673
Server=
BaseDN=CN=ms-Exch-Schema-Version-Pt,##schema
Filter=(objectclass=*)
Attributes=rangeupper
Filename=
Authentication=1158
User=
Domain=

OCS Schema Version
This query will display the current OCS\Lync\SfB schema version.

[Schema Version - OCS]
Options=132673
Server=
BaseDN=CN=ms-RTC-SIP-SchemaVersion,##schema
Filter=(objectclass=*)
Attributes=rangeupper,rangelower
Filename=
Authentication=1158
User=
Domain=

Root DSE
This query will return the default values for the RootDSE

[RootDSE]
Options=656901
Server=
BaseDN=NULL
Filter=(objectclass=*)
Attributes=
DisplayFilter=
Filename=
Sort=
Authentication=0
Separator=,

RootDSE (Full)
This query will display both the default and optional values of the RootDSE, the values returned are based on the current DC OS and DFF level.

[RootDSE (Full)]
Options=132613
Server=
BaseDN=NULL
Filter=(objectclass=*)
Attributes=*,domainControllerFunctionality,domainFunctionality,forestFunctionality,msDS-ReplAllInboundNeighbors,msDS-ReplAllOutboundNeighbors,msDS-ReplConnectionFailures,msDS-ReplLinkFailures,msDS-ReplPendingOps,msDS-ReplQueueStatistics,msDS-TopQuotaUsage,supportedConfigurableSettings,supportedExtension,dsaVersionString,msDS-PortLDAP,msDS-PortSSL,msDS-PrincipalName,serviceAccountInfo,spnRegistrationResult,validfsmos,tokenGroups,usnAtRifm
Filename=
Authentication=1158
Separator=,

 

 

NetTools v1.24.4

ACL Browser
Fixed issue where attribute GUIDs are not loaded into the cache intermittently
LDAP Search
Added option to display extended error reporting
Updated string substitutions to include {sdate:now} and {sdatetime:now} to display the current date or date and time. Date format is fixed as DD/MM/YYYY.
Updated the copy favorites to clipboard option to copy the settings currently being displayed
Updated favorites to support ##inputn in the BaseDN field
UNC Check
Updated UNC dropdown to display the MRU UNC path from the Run dialog