LDAP Search Input Mode

LDAP Search supports an option called Input Mode, Input Mode allow you to run a query against a list of user inputs and the results are displayed against the input item.  To enable Input Mode, the Table View and Table Input must be selected, this will enable a few extra options and items on the Table View context menu.  

When the Input mode is selected the other options in the Table View options will be enabled. Also the column names in the table view will also change to ##Input<..>, if there is already data in the table and the table contents are preserved, or when the input lists are added.  Input Mode supports up to 9 input lists.

The input lists are added to the table view by using the additional items in the context menu. These are Load Input, Paste Replace or Insert.

Load Input - will load the list from a file, the file must be tab separated
Paste Replace - this will paste the contents of the clipboard into the table view, clearing the contents of the table, copying the contents from a multiple column spreadsheet
Paste Insert - this will paste the contents of the clipboard into the table view, the existing contents of the table are preserved. 

Above shows the table view after the input lists have been added.  The column headings are updated to show the variable name for the list, these variable names can then be added to the query input fields.

In the example above only the first input variable is used in the filter, the second input is ignored.  When the query is run, the query will be run for each of the items in the list with the ##input being substituted with the value in the list.  If the query does return results the attributes are displayed on the same line as the entry.

In the example above, both variables are used in an Update Query, the ##input2 variable is used to update the department name of the user.

LDAP Search Update Queries

NetTools supports the ability to not just query the directory, but also perform update as well. Because writing to a directory comes with some risks, there are number of safe guards to make sure that you update the directory by intent and not by mistake.

<span">To use the Update option you have to input the required details in the Attributes field, see the syntax below, you then need to select the Enable Updates option. This will enable the preview mode by default as an extra safety net.  Preview mode allow you to run the query and show the values that would be written to the attributes when the preview mode is turned off.  When Preview mode is deselected the Go button turns red to show that the update mode is enabled and attributes could be changed when the query is run.  Please note, there is no undo option for updates.  When you run an update query the values returned against each of the attributes are the new value for the attributes after the update has been completed.  If an error occurs during the update the LDAP error code is returned, in most case these are self explanatory and are usually due to a schema restriction.  See the Single Update option below for more information on how to determine which update caused the error.

Update Queries will update the Attributes based on the values specified in the attributes field or data specified in the Input Mode columns. To update an attribute an Update Operator must be specified after the attribute name, follow with the value you wish to set.  This is the Syntax for the update operation:

Syntax: <Attribute><Op><Value>

Attribute:  The name of the attribute that you wish to update
<span">Op: The Update Operation that is to be performed

=+        Add Value to attribute
=-         Remove the Value from the Attribute, if no Value is specified the attribute is cleared
==        Set\Replace the current value of the attribute with Value
=|         Perform a bitwise operation of the current value of the attribute, this Op has a specific format for the Value, see mask details below
=#        Delete the object from the directory
=>        Move the object the new location specified by the Value, the Value should be encapsulated in quote marks

Value = <Mask>:<Data>

Mask - the bitwise mask  Note: Input Mode substitution can’t be used on this field, only the data field
Data - is the bits to be set based on the bit mask
Value - the data to be written to the attribute

The Add operator ‘=+’ can fail due of the schema definition of an attribute that is being updated.  If you use the Add operator to update an attribute that has a schema definition of single value, if there is no value assigned to the attribute the update will succeed. However, if there is a value already assigned, the update will fail.  In the case of a single value attribute its better to use the Set ‘==’ operator to assign the new value, as this will set or replace the existing value.

The value provided to update attributes can use the same substitution options that are available in the filter field i.e sid, oid, ip, ipn, idate, zdate, hex, guid, unicode, and userinput.  There is additional substitutions options for the attributes field, these are attrib and code characters.  The attrib substitution option can be used to retrieve the value of attributes on the object being updated, this is useful for updating multiple line single value attributes like the Info field.  To retrieve the value of a specific attribute, this doesn’t have to be the same attribute as the one that is being updated, you only need to specify the attribute name in the subst command i.e. {attrib:info}.  The support for the retrieval of a value is limited to attributes that only have a single value set.  If multiple values are assigned to the attribute the retrieval will fail and report an error that multiple values exist.  The substitution also supports the use of the standard C\C++ Escape characters to include control character or binary values, these are listed below.

<span">C\C++ Escape Characters:

\a         07        Alarm (Beep, Bell)
\b         08        Backspace
\f          0C        Formfeed
\n         0A        Newline (Line Feed); see notes below
\r          0D       Carriage Return
\t          09        Horizontal Tab
\v         0B        Vertical Tab
\\         5C       Backslash
\'          27        Single quotation mark
\"         22        Double quotation mark
\?         3F         Question mark
\hh       any       The character whose numerical value is given by hh interpreted as a hexadecimal number

The batch mode feature provides the ability to run a number of saved queries in a specified order.  It can be used to complete management tasks, one example is the automation of disabling inactive accounts.  This is achieved by creating a query that returns all accounts that are inactive based on your audit requirement, then the next query in the batch list is an update query that is configured as input query taking the results from the first query as an input, these accounts are then disabled by the second query.

The subst option userinput can be used to prompt the user for input.  The userinput will prompt the user for an input, the input has a label which is shown on the dialog box, the label is specified in the subst command.  The user inputs are cached against the label, if a label is used a second time the cached response is used and the user is not prompted. The userinput subst can be nested in other subst options e.g. (pwdpastset>={idate:{userinput:Date}}) the user will be prompted to enter the date, then the idate subst will convert this into a 64bit date code.

Examples:

ExtensionAttribute1==Office1                            - Sets the ExtensionAttribute1 to Office1
ProxyAddresses=+smtp:www.world.com             - Adds the value to the ProxyAddresses, the existing values are preserved
ProxyAddresses=-smtp:www.world.com              - Removes the specific value from the attribute
ProxyAddresses=-                                                 - Clear the attribute, i.e. set to not set
UserAccountControl=|2:2                                     - Sets the 2 bit of the attribute to 1
UserAccountControl=|2:0                                     - Clears the 2 bit of the attribute to 0
UserAccountControl=|6:4                                     - Clears the 2 bit and sets the 4 bit of the attribute
dn=>”cn=users,dc=domain,dc=com”                  - Move the selected object to the specified location
dn=#                                                                     - Delete the object from Active Directory
UserAccountControl=|2:##input2                         - sets bit 2 to the value of ##input2

Info=={attrib:info}\n user updated as part of change 31012
Info=={attrib:info}{attrib:mail} user updated as part of change 31012
Objectversion=={attrib:objectversion}1
Binary=+\23\34\01\5a\4f\00

The Update mode can be combined with the multi-column Input Mode to update the attributes of objects with different values.  For example if you wanted to update the department and telephone numbers for a number of users.  If you paste three columns of data into the table view containing a list of samaccountname, department name, and new telephone number and then by setting the Filter field to (samaccountname=##input) and the attribute field to Department==##input2, telephone==##input3 you can update all the users details in one operation.  Another example if you have a list of users that need to be disabled and another list of users that need to be enabled.  If you combine the list of samaccountname and in the second column specify 0 for an account you want to enable and 2 for an account you want to disable.  Pasting these columns into the table view and set the Filter field the same as with the previous example but setting the Attribute field to UserAccountControl=|2:##input2, this will update all the accounts in one operation.

Enable Updates - When selected the the update query is available

Single Update - is the default when the Update mode is selected, this causes all the required updates to be performed as a single update operation when the query is run.  The disadvantage to using single update is if you update multiple attributes at once and one of the updates fails i.e. due to a schema restriction, the resulting error message which is reported is against the first attribute that is displayed and not the attribute that caused the update to fail.  By deselected Single Update option, each update is performed separately and if that update fails the error message is display against the attribute that caused the update to fail.

Object Deletion - the delete operator is only available when this option is selected

Delete Tree - when selected the delete operation is preformed as a delete tree operation and all sub items will also be deleted.  If this option is not selected and there are child items the delete will fail

Preview - this option is enabled by default when the Enable Updates option is selected, if the query is run with the preview options selected the returned values are the values that would be written to the attributes when the preview option is not selected.  After an update query is run the preview option is automatically selected again

Display Results - This option is used to suppress the displaying of the results, this is useful if you are updating an attribute that contains a large number of values, i.e. group memberships, and will significantly increase the performance of the update query.

Note: with the delete and move operators, the attribute used to specify the delete operator, must have a value for the operation to be executed.  The best attribute to use in this case is one that must have an attribute i.e. dn or objectclass

Troubleshooting Account Lockouts

In most case the user’s account will get locked because user’s old or incorrect password is still being used, usually this occurs after the user has changed their password.  The issue is trying to find out what and where the old or incorrect password has been used, this could be a mapped drive that has user credentials, a RDP session that has not closed correctly and leaves a disconnected session, mobile phone, remote email access, or cached credentials on the workstation.

To help find the cause of the lock out you can use NetTools which includes a number of tools\reports to show how and when the account was locked.

From NetTools, select Last Logon under Users in the Left hand pane. Enter the user's samaccountname in the username field and click Go.  You only need to enter the server name in the server field, if the user account is in a different domain.

NetTools will collect the logon details from each of the domain controllers in the domain and display the details held for that account.  

The Columns have the following means:

Column Name Description
Server   The name of the domain controller the details are from
Last Logon* The last time the domain controller successfully authenticated the user’s credentials
LastLogonTime AD attribute LastLongTimeStamp attribute see this article for more info http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
Locked Indicates if the account is locked on this domain controller
Locked Time The time the account was locked out
Bad Pwd* The number of bad password attempts has been seen by this domain controller
Pwd Set When the password was last set
LastBadPwd The time when the last bad password attempt was received by this domain controller
Logon Count* The number of times the account has been successfully authenticated by the domain controller
Meta Time AD meta data Time of the last change to the unicodepwd attribute
Ver AD meta data version number of the unicodepwd attribute

* Some attributes are not replicated between domain controllers these are highlight with an asterisks after the name.  Due to this each domain controller has its own set of details for each user account and you need to review all domain controllers when trying to work out why and when an account is locked.

This is the same account after the account has been locked, you can see not all the domain controllers think the account is locked, this is caused by AD replication latency, over time all the domain controller will have the same view.

To troubleshoot when and why an account is locked out we first need to sort the results, click on the Last BadPwd column so the times are in descending order.  The top most entry is when the account was last locked.  If the bad password time, is not a time when the user would be using the account, this could indicate that the account was locked by saved credentials.

The security event logs on the domain controllers and the member servers of the domain contains the details of the account lockout.  NetTools can search the event logs to find event relevant to the account on the select domain controller and then search the event logs of any member servers in the authentication chain, it will then display the information on the cause of the lockout.

To find the lockout details, select the domain controller with the last lockout time and right click and select Display Event Details from the context menu.  This will enumerate the security logs for any failed authentication request for the user account.

Related Articles

HowTo: Check that a user has actually changed their password

For more information on why and how accounts get locked out see this article, https://technet.microsoft.com/en-us/library/hh994566(v=ws.10).aspx

NetTools v1.25.4

ACL Browser
Updated the flags so the inherited flag is reported correctly for schema based permissions

Schema Versions
Updated to include Exchange 2019 and CU1, CU2. See Schema Versions.

General - Column Sort
Updated 64Date sort function to correctly handle '-' entries

Locked Accounts
Added extra fields to the view - Bad Password Time, Account Expires, Lockout Time, Password Last Set
Added a bulk unlock function for selected accounts
Added status bar with the total and selected items

Search
Updated search logic so the useraccountcontrol, accountexpires, lockoutime attributes are displayed correctly in the output.
Fixed issue where the current column list is not displayed in the column selection dialog
Changed the options to be non-volatile

Permissions Caching

NetTools uses local caching to improve the performance when viewing the permissions in ACL Browser and GPO Explorer.  The cache is used to cache Control Assess Rights GUIDs and resolved SIDs, this makes viewing the permissions of subsequent objects significantly faster.  ACL Browsers and GPO Explorer use the same cache to improve performance across these options.  If ACL Browser and GPO Explorer interrogate the same forest then both options will benefit from the caching.  However, when they are pointing at different forests, the cache is cleared and caching is started again when a different context is detected, resulting in an initial performance hit as the cache is reseeded.

LDAP Search – Paged Query Support

Active Directory limits the number of results that can be returned in a single query, this is defined by the MaxPageSize settings in the LDAP Query Policy, the default value is 1000.  If the results of a query exceeds this limit, the server will return a Size limit was exceeded (0x4) error.  To overcome this limit you need to use the Paged Server Side Control, which will return the results over a number of responses, with the total number of results per response not exceeding the MaxPageSize value.  NetTools has the Paged Control is enabled by default and will automatically reconstruct the results into a single output.

The MaxPageSize value is defined in Default Query Policy stored in the configuration partition.

CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=x

Attribute - lDAPAdminLimits

You can also define a separate Query Policy at the domain controller and AD site levels, these can be viewed using the Site Browser option.

LDAP Search – Dynamic and Sort Attributes Options

These two options control how NetTools will display attributes in the LDAP Search option. 

Dynamic Attributes
By default the Dynamic Attributes option is selected, with this option selected, when the LDAP Search query is run, NetTools will query the Schema for a set of known attribute type and assign the corresponding Decode Type to the attribute.  When the attribute is displayed, the decode type will be used to display the contents of the attribute.

Sort Attribute
This option is also enabled by default and causes the schema to queried to retrieve the details of the selected output attributes, the results are then assigned to the table view sort function, so the attributes are sorted correctly associated to the attribute type, i.e. number, text, date, IP address, etc.  If this option is turn off, all data will be sorted based on the default alpha sort function.  

Both of these options cause additional data to be requested from the server, this can impact the time taken to display the results, especially if the target server is on the other end of a slow link.  Turning these options off is a balancing between function and speed.

Decode Types

At the heart of NetTools is a LDAP client that includes a decode engine that will decode attributes so that the data can be displayed in a readable format.  The decode engine includes over 80 predefined decode types.  These decodes can be assigned to a specific attribute using four different methods.

These are Static, Dynamic, User Defined, and Manual Override:

The Static assignment are statically defined within NetTools, i.e. WhenChanged is associated to the GTFTIME decode type.  These can be overridden by User Defined and Manual Override assignments. See Static DecodeTypes
While Dynamic will assign the decode type associated to an object based on the schema definition of the attributes. i.e. attributes that are binary and have a fixed length of 32 and guid in the name will automatically be assigned the GUID decode type.
User Defined assigned decode types can be assigned a few different ways in NetTools, from the LDAP Search's Manage Dynamic Attribute Decodes dialog, via the define decode type dialog from the context menu in the Schema Class Browser option, or via the configuration file.  

NetTools.ini Example:     

[AttributeDecodes]
msExchBlockedSendersHash=BIN

The Manual Override option is only available in the LDAP Search option, when specifying the attributes to be displayed, you can also include a Decode Type as an extra parameter of the attribute, this will overridce all other methods and display the attribute using the specified DecodeType i.e. msExchBlockedSendersHash;bin.  This will display the attribute data in a Binary format.

This is the list of Decode Type that are available in NetTools:

    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BASE64 - encode the returned value as Base64    
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary output
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GMSAPWD - return the full details of the gMSA password
    GMSAPWD.PWD_B - return only the current password in byte hex format
    GMSAPWD.PWD - return only the current password
    GMSAPWD.PPWD_B - return only the previous password in byte hex format
    GMSAPWD.PPWD - return only the previous password
    GMSAPWD.QRY - return the query interval
    GMSAPWD.UCG - return the change interval
    GMSAPWDID - return the full gMSA PasswordID details
    GMSAPWDID.RK - return the gMSA PasswordID Root Key
    GMSAPWDID.SVR - return the gMSA PasswordID server
    GPLINKS - used to display the list of DNs in the gplink attribute
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    META - Decoder for msDS-ReplAttributeMetaData
    METAP - Decoder for replPropertyMetaData
    METAV - Decoder for msDS-ReplValueMetaData
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NANOTIME - Display interval based on nano seconds
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTCN - Returns the parent container of the CanonicalName
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_DACL_COUNT - Returns the number of ACE in the DACL
    SD_DACL_EXPCOUNT - Returns the number explicitly assigned ACE in the DACL
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_GROUP - Return the primary group assigned in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SACL_COUNT - Returns the number of ACE in the SACL
    SD_SACL_EXPCOUNT - Returns the number explicitly assigned ACE in the DACL
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_GROUP – Returns the primary group assigned in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_ABS - Display the absolute name of the SID
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    UNICODE - Return a string in Unicode format, with BOM decode support
    WMITime - Returns the wmi time 
    WMITime_UTC - Returns the utc wmi time
    X400 - Display only x400 entries
    X500 - Display only x500 entries

A debug option exists that will display which Decode Type was used to decode the displayed attributes, the debug information is only displayed in the LDAP Search text output pane.  This debug feature can be enabled by selecting the Enable Decode Debug option in the Attribute Decodes dialog or by added the following entry to the NetTools.ini configuration file.

[SavedOptions]
DebugDecoder=true

Attribute Decodes

NetTools v1.25.0

GPO Explorer *** New ***
A new option to browser GPOs and GPO allocation. Supports similar functionality as the Group Policy Manager, allowing viewing of GPO configuration, permissions, OU structure browsing, with policy inheritance, display the raw settings in the policies, covering registry, scripts, GptTmpl, GPP settings. Includes the option to view and edit policies using gpedit or GPMC editor, if it's installed.

Object Metadata *** New ***
This option will display the metadata of an attribute on a specific object across all domain controllers, to allow checking of replication consistency

Top Quotas *** New ***
Option to display the quota usage of the top users. Includes an option to display the quota allocation to an individual user. With the ability to select the quota per partition.

ACL Browser
Added Meta data and Attributes to the content menu of the left hand pane
Updated to display deleted and recovery items, corresponding permissions required
Added Trustee mode, allows you to select a trustee and the ACE icon will display a green tick on all the ACE that the trustee has been assigned
Updated ACE pane so the ADS_RIGHT_DS_CONTROL_ACCESS right is displayed as Control access against the property. This provides simpler visibility of Confidential Attribute configuration

AD Properties Dialog
Added icon for locked accounts

AD Subnets
Updated to support column sorting

Control Access Rights
Updated screen redraw to increase display speeds

DC Resolution
Updated ports dialog to allow multiple ports to be removed
Fixed bug where a server could be displayed multiple test due to case sensitive

Extended Rights
Added column for Rights GUID

Last Logon Time
Fixed intermittent Index error when sorting

LDAP Browser
Changed ObjectClass order so Options attributes are decoded correctly

LDAP Search
Update SupportedControl to include LDAP_SERVER_SET_OWNER_OID, LDAP_SERVER_BYPASS_QUOTA_OID, LDAP_SERVER_LINK_TTL_OID,
LDAP_SERVER_SET_CORRELATION_ID_OID,
LDAP_SERVER_THREAD_TRACE_OVERRIDE_OID
Add inline filter substitution for Match rule OID LDAP_MATCHING_RULE_DN_WITH_DATA introduced in Windows 2012R2. The substitution characters for this rule is $= e.g. (msDS-HasInstantiatedNCs $= B:8:0000000D:DC=corp), which expands to (msDS-9HasInstantiatedNCs:1.2.840.113556.1.4.2253:=B:8:0000000D:DC=corp)
Fixed bug in the range option on attributes
Added DecodeType for Unicode strings, it also supports Byte Order Mark (BOM) to define the Unicode format
Updates to the screen draw in table view, provides about 25% increase in displaying results
Added 'Display on Complete' option to increase the display speed, screen updates are suppressed until all results are displayed

Locked Accounts
Added context menu for AD Properties and Attributes

NetGroupEnum
Updated to include icons to represent users and groups
Updated context menu to include AD properties for the select trustee

Ping
Updated to support column sorting

Schema Class Browser
Update to display the hierarchy of the selected schema class

Schema History
Added extra column to display OID
Added Windows 2019
Added Exchange 2016 CU7
Schema Version
Updated Windows 2019
Changed Unknown to Not Set for items that don't exist
Added option to display the raw values rather than the decoded values

SD Prop
Complete rewrite to support new functionality
Added context menu to display AD properties
Added option to clear the AdminCount attribute and reset ACL inheritance on user accounts that have AdminCount attribute set

Site Browser
Added option to display the list of IP subnets
Added option to display the list of AD Site Links

Time Converter
Updated to support yyyy/mm/dd hh:mm:ss time\date format
Updated to support yyyy-mm-ddThh:mm:ss.mmm Azure time\date format

Token Size
Fixed double click on Token Size List so sub group list is opened

User's Groups
Context menu updated to include option to open AD properties

User Search
Fixed bug where stored LDAP Search credentials are used when displaying Attributes Dialog
Add context menu for Find Trustee, GPO Allocation, Quota Usage
Added icon for locked user accounts, GC search must be disabled for locked accounts to be displayed

WINS Lookup
Improved error reporting and added Set Debug option

DecodeTypes list:
    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary list
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTCN - Returns the parent container of the CanonicalName
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_GROUP – Return the primary group assigned in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_GROUP – Returns the primary group assigned in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_ABS - Display the absolute name of the SID
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    UNICODE - Return a string in Unicode format, with BOM decode support
    X400 - Display only x400 entries
    X500 - Display only x500 entries

NetTools v1.24.0

A few new functions introduced with this version as I have been doing more work around websites and internet based services. A interesting note that I found while writing the Trace Route function, the standard method to complete the TTL ICMP echo is using the standard winsocket RAW method, however, I found that the default settings of the Windows firewall would block this traffic and would require the user to allow this traffic for the function to work correctly. This was unexpected especially as this is not required for the MS command line tracert utility and there are no default rules to allow this traffic. After a bit of playing around, I used the IcmpSendEcho API, and these packets bypass the firewall completely and there is no way to block them. I wonder how many other MS APIs bypass the firewall completely and means you can’t block this traffic!

Trace Route ** New **
A multi-threaded Trace Route option that provides the fastest possible result by testing all hops at the same time, displaying the complete route in under 3 seconds
WhoIS ** New **
An option to query WhoIs databases for both IP and domain details
IP Geo Location ** New **
An option to display the Geo location information of an IP address
HTTP Headers ** New **
An option to display the HTTP headers of a website
UNC Check ** New **
New option to check a UNC path, this will check that server’s IP address is resolvable, share exists and permissions to access the file systems and display which part of the path is valid or not
URL Check ** New **
An option that combines all of the above web based tests against a domain name
General
Added additional error handling around ini file reads and writes to prevent exception caused by disconnected shares
ACL Browser
Updated so the GUID and SID caches are not cleared between searches for the same domain to improve performance, manual clear Cache option added
Updated ACL Flags option to display allow and deny flags in the ACL
Added context menu option to display AD properties dialog
Fixed bug that could cause an exception error
AD Properties Dialog
Added the object name to the title of the dialog
Update ProxyAddresses to allow multiple line selection
Updated members and memberOf to use the domain context of the displayed object rather than the server’s default context, so the PrimaryGroupID is resolved correctly
AD Sites
Change the site option to a dropdown list of available AD sites
Base64
Fixed issues with Hex decode not showing the last line of the text dump
DCs in Sites
Change the site option to a dropdown list of available AD sites
Find Trustee Assignments
Updated so the search can include the Owner in the results
LDAP Search
Defined parentGUID, msExchOnPremiseObjectGuid, msDC-ConsistencyGuid as GUID decode type
Added option in LDAP Filter wizard select if Not queries comply with RFC4515. MS LDAP supports the format as in RFC4515 and an abbreviated version that doesn’t require extra parenthesis around the filter for Not statements, i.e. RFC4515 format: (!(objectclass=user)), MS format (!objectclass=user)
Updated LDAP Location Selector to use BaseDN rather than the DC’s default domain context
Conditional attributes updated to include the Len option, which returns the string length of the variable
LDAP Browser
Updated shift start functionality on the LDAP Search option to start in a new instance so multiple browsers can be opened
Updated to support LDAP directories that don’t use the AllowedAttributes on the list available attributes on objects
Meta Data Dialog
Updated with an option to display times in UTC or local time
NetGroupEnum
Updated to include the machine\domain reference of the trustees
Org Structure
Added option to only display direct reports that have active accounts
Added option to specify Naming Context to support non-contiguous name spaces
Fixed exception error when the manager attribute is not set
Overlapping Subnets
Updated the results text from errors to overlaps to reflect changes in MS recommendations on catch all entries
Fixed bug that could cause an exception if output to file selected but no filename specified
Ping
Updated to the success and failed results are displayed correctly and clears the previous results before tests start
Schema Browser
Updated screen redraw to improve display speed
Schema History
Added Exchange 2016 CU7
Schema Version
Updated to include Exchange CU5-7
Added the Exchange Forest Version
SID Converter
Updated the output to display the SID in a number of different formats, including LDAP filter, ADSI, Hex and Base64
Site Browser
Added extra column to display the replication type on the list site view
Added stop button on the site coverage to stop the current lookups
Updated to display Site Settings for each site
Updated to display Policy Query settings for the setting and domain controllers, if a new policy has not been defined, the default policy is displayed
Time Converter
Updated to display the time entered as UTC, local to UTC, and UTC to local
User Rights & Logon
Changed the output to be tab and table based to allow easier viewing and copying
User Search
Updated search to support downlevel name format <domain>\<identity>
Updated Use With option for Org Structure to pass the server context if it’s changed from the default
Changed GC Option to clear the current list to prevent GC\No-GC lookups issues
Fixed bug where the scope list would not be updated correctly if an error occurs while getting domain list