Category Archives: Versions

NetTools v1.25.0

GPO Explorer *** New ***
A new option to browser GPOs and GPO allocation. Supports similar functionality as the Group Policy Manager, allowing viewing of GPO configuration, permissions, OU structure browsing, with policy inheritance, display the raw settings in the policies, covering registry, scripts, GptTmpl, GPP settings. Includes the option to view and edit policies using gpedit or GPMC editor, if it's installed.

Object Metadata *** New ***
This option will display the metadata of an attribute on a specific object across all domain controllers, to allow checking of replication consistency

Top Quotas *** New ***
Option to display the quota usage of the top users. Includes an option to display the quota allocation to an individual user. With the ability to select the quota per partition.

ACL Browser
Added Meta data and Attributes to the content menu of the left hand pane
Updated to display deleted and recovery items, corresponding permissions required
Added Trustee mode, allows you to select a trustee and the ACE icon will display a green tick on all the ACE that the trustee has been assigned
Updated ACE pane so the ADS_RIGHT_DS_CONTROL_ACCESS right is displayed as Control access against the property. This provides simpler visibility of Confidential Attribute configuration

AD Properties Dialog
Added icon for locked accounts

AD Subnets
Updated to support column sorting

Control Access Rights
Updated screen redraw to increase display speeds

DC Resolution
Updated ports dialog to allow multiple ports to be removed
Fixed bug where a server could be displayed multiple test due to case sensitive

Extended Rights
Added column for Rights GUID

Last Logon Time
Fixed intermittent Index error when sorting

LDAP Browser
Changed ObjectClass order so Options attributes are decoded correctly

LDAP Search
Update SupportedControl to include LDAP_SERVER_SET_OWNER_OID, LDAP_SERVER_BYPASS_QUOTA_OID, LDAP_SERVER_LINK_TTL_OID,
LDAP_SERVER_SET_CORRELATION_ID_OID,
LDAP_SERVER_THREAD_TRACE_OVERRIDE_OID
Add inline filter substitution for Match rule OID LDAP_MATCHING_RULE_DN_WITH_DATA introduced in Windows 2012R2. The substitution characters for this rule is $= e.g. (msDS-HasInstantiatedNCs $= B:8:0000000D:DC=corp), which expands to (msDS-9HasInstantiatedNCs:1.2.840.113556.1.4.2253:=B:8:0000000D:DC=corp)
Fixed bug in the range option on attributes
Added DecodeType for Unicode strings, it also supports Byte Order Mark (BOM) to define the Unicode format
Updates to the screen draw in table view, provides about 25% increase in displaying results
Added 'Display on Complete' option to increase the display speed, screen updates are suppressed until all results are displayed

Locked Accounts
Added context menu for AD Properties and Attributes

NetGroupEnum
Updated to include icons to represent users and groups
Updated context menu to include AD properties for the select trustee

Ping
Updated to support column sorting

Schema Class Browser
Update to display the hierarchy of the selected schema class

Schema History
Added extra column to display OID
Added Windows 2019
Added Exchange 2016 CU7
Schema Version
Updated Windows 2019
Changed Unknown to Not Set for items that don't exist
Added option to display the raw values rather than the decoded values

SD Prop
Complete rewrite to support new functionality
Added context menu to display AD properties
Added option to clear the AdminCount attribute and reset ACL inheritance on user accounts that have AdminCount attribute set

Site Browser
Added option to display the list of IP subnets
Added option to display the list of AD Site Links

Time Converter
Updated to support yyyy/mm/dd hh:mm:ss time\date format
Updated to support yyyy-mm-ddThh:mm:ss.mmm Azure time\date format

Token Size
Fixed double click on Token Size List so sub group list is opened

User's Groups
Context menu updated to include option to open AD properties

User Search
Fixed bug where stored LDAP Search credentials are used when displaying Attributes Dialog
Add context menu for Find Trustee, GPO Allocation, Quota Usage
Added icon for locked user accounts, GC search must be disabled for locked accounts to be displayed

WINS Lookup
Improved error reporting and added Set Debug option

DecodeTypes list:
    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary list
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTCN - Returns the parent container of the CanonicalName
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_GROUP – Return the primary group assigned in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_GROUP – Returns the primary group assigned in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_ABS - Display the absolute name of the SID
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    UNICODE - Return a string in Unicode format, with BOM decode support
    X400 - Display only x400 entries
    X500 - Display only x500 entries

NetTools v1.24.0

A few new functions introduced with this version as I have been doing more work around websites and internet based services. A interesting note that I found while writing the Trace Route function, the standard method to complete the TTL ICMP echo is using the standard winsocket RAW method, however, I found that the default settings of the Windows firewall would block this traffic and would require the user to allow this traffic for the function to work correctly. This was unexpected especially as this is not required for the MS command line tracert utility and there are no default rules to allow this traffic. After a bit of playing around, I used the IcmpSendEcho API, and these packets bypass the firewall completely and there is no way to block them. I wonder how many other MS APIs bypass the firewall completely and means you can’t block this traffic!

Trace Route ** New **
A multi-threaded Trace Route option that provides the fastest possible result by testing all hops at the same time, displaying the complete route in under 3 seconds
WhoIS ** New **
An option to query WhoIs databases for both IP and domain details
IP Geo Location ** New **
An option to display the Geo location information of an IP address
HTTP Headers ** New **
An option to display the HTTP headers of a website
UNC Check ** New **
New option to check a UNC path, this will check that server’s IP address is resolvable, share exists and permissions to access the file systems and display which part of the path is valid or not
URL Check ** New **
An option that combines all of the above web based tests against a domain name
General
Added additional error handling around ini file reads and writes to prevent exception caused by disconnected shares
ACL Browser
Updated so the GUID and SID caches are not cleared between searches for the same domain to improve performance, manual clear Cache option added
Updated ACL Flags option to display allow and deny flags in the ACL
Added context menu option to display AD properties dialog
Fixed bug that could cause an exception error
AD Properties Dialog
Added the object name to the title of the dialog
Update ProxyAddresses to allow multiple line selection
Updated members and memberOf to use the domain context of the displayed object rather than the server’s default context, so the PrimaryGroupID is resolved correctly
AD Sites
Change the site option to a dropdown list of available AD sites
Base64
Fixed issues with Hex decode not showing the last line of the text dump
DCs in Sites
Change the site option to a dropdown list of available AD sites
Find Trustee Assignments
Updated so the search can include the Owner in the results
LDAP Search
Defined parentGUID, msExchOnPremiseObjectGuid, msDC-ConsistencyGuid as GUID decode type
Added option in LDAP Filter wizard select if Not queries comply with RFC4515. MS LDAP supports the format as in RFC4515 and an abbreviated version that doesn’t require extra parenthesis around the filter for Not statements, i.e. RFC4515 format: (!(objectclass=user)), MS format (!objectclass=user)
Updated LDAP Location Selector to use BaseDN rather than the DC’s default domain context
Conditional attributes updated to include the Len option, which returns the string length of the variable
LDAP Browser
Updated shift start functionality on the LDAP Search option to start in a new instance so multiple browsers can be opened
Updated to support LDAP directories that don’t use the AllowedAttributes on the list available attributes on objects
Meta Data Dialog
Updated with an option to display times in UTC or local time
NetGroupEnum
Updated to include the machine\domain reference of the trustees
Org Structure
Added option to only display direct reports that have active accounts
Added option to specify Naming Context to support non-contiguous name spaces
Fixed exception error when the manager attribute is not set
Overlapping Subnets
Updated the results text from errors to overlaps to reflect changes in MS recommendations on catch all entries
Fixed bug that could cause an exception if output to file selected but no filename specified
Ping
Updated to the success and failed results are displayed correctly and clears the previous results before tests start
Schema Browser
Updated screen redraw to improve display speed
Schema History
Added Exchange 2016 CU7
Schema Version
Updated to include Exchange CU5-7
Added the Exchange Forest Version
SID Converter
Updated the output to display the SID in a number of different formats, including LDAP filter, ADSI, Hex and Base64
Site Browser
Added extra column to display the replication type on the list site view
Added stop button on the site coverage to stop the current lookups
Updated to display Site Settings for each site
Updated to display Policy Query settings for the setting and domain controllers, if a new policy has not been defined, the default policy is displayed
Time Converter
Updated to display the time entered as UTC, local to UTC, and UTC to local
User Rights & Logon
Changed the output to be tab and table based to allow easier viewing and copying
User Search
Updated search to support downlevel name format <domain>\<identity>
Updated Use With option for Org Structure to pass the server context if it’s changed from the default
Changed GC Option to clear the current list to prevent GC\No-GC lookups issues
Fixed bug where the scope list would not be updated correctly if an error occurs while getting domain list

NetTools v1.23.0

Ping ** New **
A new feature that allows multiple devices to be pinged at the same time, paste a list of end points to be pinged, supports short names, FQDN and IP addresses, just paste a list of IP addresses, names, or FQDN to scan

Extended Rights ** New **
Provides the ability to display what extended rights have been assigned to each schema class

Org Structure ** New **
New feature that allows you to browser the organization structure as defined in the AD by the Manager and Delegates attributes

Clipboard Format Viewer ** New **
New feature that allows you display the format of the data that is currently in the clipboard buffer

AD Properties
Updated to use the GC for Membership lookup to increase the performance of group resolution
Added the Hide from GAL option on the Exchange tab
Added LAPS tab to display the details associated to the Local Administrator Password Service on computer object
Added AD and GC server details used to retrieve the details

ACL Browser
Updated to include SACL tab, this requires the SeSecurity right to display the SACL permissions

LDAP Search
Added Display results to update query to increase the performance of updates when updating the attributes on multi-value attributes i.e. Member
Added LDAP filter wizard which provides a graphical query designer
Added an additional filter substitution for an multiple string ANR search. {anr:<string>}
Defined ms-Mcs-AdmPwdExpirationTime as 64Time
Fixed Hex display issue
Fixed bug where results not being displayed when conditional attributes is used
Fixed potential protocol error when SACL option selected
Set the table view as the default option

LDAP Performance
Updated to provide better precision on the timing results

NetGroupEnum
Updated to display both local and global groups and displays the members of a selected group

RID Pool
Updated to use DNS Hostname rather than short name to help name resolution issues

Schema History
Updated to support Exchange CU2 & 3, Windows 10 LAPS

Version Checking
Updated version checking to taking into account changes to Dropbox public folders

NetTools v1.22.0

This update has a number of new features around AD security, NetTools now provides the simple ACL explorer view to display the object, mailbox, and schema security descriptor.  The ACL Browser is able to browser any partitions, if the schema partition is selected the Default Security Descriptor for schema class is also displayed.

Assigned Trustees is a new feature to provide the ability to search for any ACLs that contains the specified trustee, this can be a user, group or any other security principal.

LDAP Search has a number of new features including more Update query options, Auto Complete, and Conditional Attributes.  The Update Queries now support move and delete options, as the object will be moved or deleted, no other attributes updates can be included in the same query. The Auto Complete option is available on the filter and attribute fields, once the Populate list button has been pressed the schema details are cached and are available for Auto Complete on these fields.  The Auto Complete feature also includes a syntax checking on the Attributes field.  This feature will highlight any attributes or decode type in red that are not valid. The Conditional Attributes feature provides the ability to do attributes based comparisons that are not available in standard LDAP queries.  It provides a conditional check against each retuned object from the LDAP search results and will return a true or false result, the results can be static text or an attribute of the returned object.  Conditional Attributes are specified in the Attribute field as an extension to an attribute name and defines the conditional statement with the true and false results. 

Conditional Attributes have the following syntax: <attribute name>;{if:<variable1>[;type]<op><variable2>[;type]:<true result>:<false result>}

attribute name: is the name of the attribute that the result will be returned against
variable1: the first variable for the comparison, this can be an attribute of the object or static text
op: the logic operator used to compare variable1 and variable2, the options are:

==        Equal
!=         Not Equal
>          Greater Than
<          Less than
>=        Greater or equal
<=        Less or equal

variable2: the second variable for the comparison, this can be an attribute of the object or static text.  If the first character of the static entry is ‘*’ then the Equal and Not Equal op will search for the text within in variable1, if not then the variable2 must match variable1, comparisons are case in-sensitive.
type: is an optional format option to define the data type of the variable and is used for the comparison, the options are int or date
true result: the value to be returned against the attribute name if the condition is true
false result: the value to be returned against the attribute name if the condition is false

With all fields, static text is encapsulated in quote marks, and any value not encapsulated is assumed to be a attribute of the object.  Static entries can also include any of the substitutions options, i.e. oid, ip, ipn, idate, zdate, hex, guid, unicode, and userinput
            Examples:

Updated:{if:usnchanged;int==usncreated:”Unchanged”:”Changed”}
One:{if:extensionattribute2==”1”:”true”:extensionattribute2}
PwdChanged:{if:pwdlastset;date>=”10/11/16”:”Updated”:”Needs updating”}
Password_Changed:{if:pwdlastset;date>=”{idate:now-14}”:”Updated”:”Needs updating”}
Not_Admin;{if:member!=”*admin account”:member:” ”}

Access Control Rights  ** New **
A complete rewrite of the Extended Rights and Property Sets options, they are now combined under the one option now including Validated Rights details

ACL Browser  ** New **
A new option to browser the ACL defined in the AD or AD LDS directory

Assigned  Trustees ** New **
This option will scan all accessible objects in the default naming context and displays the list of unique users and groups that have been assigned rights in the AD.  This option is useful to see if a specific security principal has been assigned rights in the directory.

Find Trustee Assignments  ** New **
This option provides the ability to search if the specified trustee has been assigned any rights to any objects in the directory.  Includes an option to include or exclude inherited permissions

Password Checker  ** New **
This option provides the ability to check a single password against a list of accounts, and confirm if the accounts are using the password. The status report will show if the account is currently locked, password reset required, expired, or is disabled. To use this option just paste a list of samaccountnames into the pane, enter the details and click go

Extended Rights  ** Removed  **

AD Subnet
Updated to remove spaces from user input
Updated to display Not Found if the IP address(es) are not defined in the AD

Attribute Replication
Updated to display all the values of attributes with multiple values.

Base64
Updated to support text selection and decodes across multiple lines

LDAP Browser
Significant rewrite of most functions to use the LDAPClass and added attribute cache feature to improve performance over slow links

LDAP Search
Bug fix: resolved issue where the attribute order was not preserved in table view
Now includes support auto complete and validation on filter and attributes fields, this option is available once the populate list button has been pressed.  The auto complete option is enabled by default but can be disabled by deselecting the Auto Complete option.  The Populate list button is shown below:

Added Clear Table option to allow the contents of the table view to not be cleared between searches
Added additional dialog option to allow the selection of attributes for the Attributes field
Added option for Conditional Attributes
Added Enum button to display the internally defined enum used by NetTools to decode attributes
Added PARENTCN DecodeType to display the parent CanonicalName of the object
Added DecodeType for ValidAccesses attribute
Added decode for msDS-UserPasswordExpiryTimeComputed
Added decode for msRTCSIP-UserRoutingGroupId
Added DecodeType SD_NAME_GROUP and SD_SID_GROUP for the primary group in the SD
Fixed sorting issues for Int data types
Updated the LDAP Browser button so if the shift key is held down when clicking on the LDAP Browser button its opened in a non-modal mode, so it can stay open
Updated Display Filter field to support parameter encapsulated in quote marks
Updated the Display Filter logic to provide better support for attributes with multiple values
Updated Value field in update queries to include substitutions commands to work with Input mode data  i.e. AccountExpires=={idate:##input2}
Updated to support quote marks encapsulation for Values in Update queries
Updated the Attribute List dialog to include a manual DecodeType type allocation
Updated so after an update query has completed the preview option is selected to prevent any accidental updates
Updated update queries to support move and delete operator, The delete option is only available once the Delete and Delete Tree options are selected:

To update an attribute an Update Operator must be specified after the attribute name, follow with the value you wish to set.  This is the Syntax for the update operation:

<Attribute><Op><Value>

Attribute:  The name of the attribute that you wish to update
Op: The operation that is to be performed

=+        Add Value to attribute
=-         Remove the Value from the Attribute, if no Value is specified the attribute is cleared
==        Set\Replace the current value of the attribute with Value
=|         Perform a bitwise operation of the current value of the attribute, this Op has a specific format for the Value
Value = <Mask>:<Data>
Mask - the bitwise mask  Note: Input Mode substitution can’t be used on this field, only the data field
Data - is the bits to be set based on the bit mask
=#        Delete object, the Attribute can be any attribute that has a value assigned, no value is required  ** New **
=>        Move the object the new location specified by the Value, the Value should be encapsulated in quote marks ** New **
            The Attribute can be any attribute that has a value assigned
Value: the data to be written to the attribute

Examples:
AccountExpires=={idate:##input2}                          - Set AccountExpires to the int64 value of ##input2
dn=>”cn=users,dc=domain,dc=com”                   - Move the selected object to the specified location
dn=#                                                                - Delete the object from Active Directory

General
Added a DN Select Location option to all fields that require a DN entry, which allow the DN to be selected by browsing the specified directory.  The Select Location button has three dots ...
Updated to include better support for displaying Unicode and UTF-8 LDAP strings

Group Compare
Bug fix – auto sort is disabled when SID resolution is selected

Group Manager
Updated to allow cross forest lookup of security principals

Last Logon Time
Fixed intermittent Indexing error

AD Properties dialog
Bug fix – fixed issues where primary group is not resolved in some domain configurations
Updated to display the user’s thumbnail photo
Improved the user feedback and stability when the members and memberof tabs are displayed for object with large number of memberships
Updated icons in member and memberof to show disabled objects

Schema Version
Updated to include the Forest, Domain and Domain Controller Functional Levels
Updated to cover Windows 2016 technical preview 4

Schema History
Updated to include Exchange 2016 CU1

Search
Use with option on context menu updated with ACL Browser option
Updated to display an icon for each object returned, disabled objects are shown with a disabled icon

User Rights
Updated to display current assigned and enabled user rights

DecodeType list:
    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary list
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTCN - Returns the parent container of the CanonicalName
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_GROUP – Return the primary group assigned in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_GROUP – Returns the primary group assigned in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_ABS - Display the absolute name of the SID
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    X400 - Display only x400 entries
    X500 - Display only x500 entries

NetTools v1.21.0

While this is only a minor version number change, this version is a significant change in the functionality of NetTools.  With previous versions the LDAP Search option would only allow you to query the AD or LDAP directory.  With this version you can now perform update operations on objects in the directory.  Combined with the new Batch and Multi-Column Input Modes the update option offers tremendous flexibility and power to update objects in the directory. Like any tool that allow direct writes to the directory, it also has the potential to cause damage, so use with care!!

To use the Update option you have to input the required details in the Attribute field, see the syntax below, you then need to select the Enable Updates option. This will enable the preview mode by default as an extra safety net.  Preview mode allow you to run the query and show the values that would be written to the attributes when the preview mode is turned off.  When Preview mode is deselected the Go button turns red to show that the update mode is enabled and attributes could be changed when the query is run.  Please note, there is no undo option for updates.  When you run an update query the values returned against each of the attributes are the new value for the attributes after the update has been completed.  If an error occurs during the update the LDAP error code is returned, in most case these are self explanatory and are usually due to a schema restriction.  See the Single Update option below for more information on how to determine which update caused the error.

The Add operator ‘=+’ can fail due of the schema definition of an attribute that is being updated.  If you use Add operator to update an attribute that has a schema definition of single value, if there is no value assigned to the attribute the update will succeed. However, if there is a value already assigned the update will fail.  In the case of single value attributes its better to use the Set ‘==’ operator to assign the new value, as this will set or replace the existing value.

The value provided to update attributes can use the same substitution options that are available in the filter field i.e sid, oid, ip, ipn, idate, zdate, hex, guid, unicode, and userinput.  There is additional substitutions options for the attributes field, these are attrib and code characters.  The attrib substitution option can be used to retrieve the value of an attributes, this is useful for updating multiple line single value attributes like the Info field.  To retrieve the value of an specific attribute, this doesn’t have to be the same attribute as the one that is being updated, you only need to specify the attribute name in the subst command i.e. {attrib:info}.  The support for the retrieval of a value is limited to attributes that only have a single value set.  If multiple values are assigned to the attribute the retrieval will fail and report an error that multiple values exist.  The substitution also supports the use of the standard C\C++ Escape characters to include control character or binary values, these are listed below.       

The batch mode feature provides the ability to run a number of saved queries in a specified order.  It can be used to complete management tasks, one example is the automation of disabling inactive accounts.  This is achieved by creating a query that returns all accounts that are inactive based on your audit requirement, then the next query in the batch list is an update query that is configured as input query taking the results from the first query as an input, these accounts are then disabled by the second query. 

Group Compare  ** New **
Provides the ability to compare the group membership of two users accounts.  There are two comparison options, compare by Name or Object SID.  The list of groups that are returned can be derived from either the group membership attribute of the user or the user’s Token Group details which will contain all the SIDs of all the groups, including nested groups, and domain security principals that are granted at logon.  The SIDs can also be resolved in a number of different ways:
None – the SID is displayed.
Relative – the name associated to the SID based on the SID assigned to the ObjectSID or SIDHistory attributes in the domain.
Absolute – the SID is referenced back to the source domain and real name is displayed.  Network performance and old SID History entries to a non-existent domain can impact the performance of this resolution type.

Last Logon Time  ** New **
This new feature allows you to display the last logon time for a list of users.  NetTools will scan all the domain controllers in the domain for the individual Logon Time and display which Domain controller has the latest time.  You just need to paste a list of samaccountnames into the output pane and click Go.

AD Properties Dialog
Added ability to open the properties dialog for managers and direct reports.
Updated hints on fields to display the name of the attributes that contains the value.

AD Replication Queue
Added option to change how long the queue entries are display before they are removed from the list.

DC Resolution
Bug Fix: fixed issues in the default context detection

Last Logon
Updated Last Logon output to include the meta for the PwdLastSet attribute.
Updated the Event log scan criteria to also look for the user’s UPN as well as SamAccountName.

AD Attributes Dialog
Added the Single column to display if the attribute is single value.

LDAP Browser
Bug Fix: resolved issue where the browser could be slow to open.
Added additional context menu option on the Attribute menu to allow the Raw attribute data to be viewed.

LDAP Search
Bug Fix: Intermittent Invalid handle exception.
Bug Fix: in security descriptor decoder.
Added a Zoom feature for the Filter and Attribute fields.
Added CSV output option, when used in conjunction with the fie output option
Updated with support for Windows 2016TP3
Improved the performance of the column redraw.
Removed the limitation that requires the DN to be in the first column for DN context menu items
Updated PWDSEC DecodeType to handle 64 bit -1 correctly
Added decode for the pwdProperties attribute
Two new subst options available on the filter and attribute fields. These are called userinput and unicode.  The userinput will prompt the user for an input. This requires a label which is shown on the dialog box.  The user inputs are cached against the label, if a label is used a second time the cached response is used and the user is not prompted. The userinput subst can be nested in other subst options e.g. (pwdpastset>={idate:{userinput:Date}}) the user would be prompt to enter the date, then the idate subst will cover this into a 64 bit date code.  The Unicode subst will convert the text to a escaped hex unicode value i.e. {unicode:uni-text} results in \75\00\6E\00\69\00\2D\00\74\00\65\00\78\00\74\00
The Input Mode paste and file load function have been updated to allow up to ten column inputs to be added.  The separation is the tab character, which is the default used by Excel when copying multiple columns.  Each column is given its own designator i.e. ##input, ##input2, ##input3 etc.  These designator can then be used in the DN, Filter, and Attribute fields and will be substituted for the value in the column when the query is run.

Batch Mode ** New **
Allows you to specify a list of favorite queries to be executed in a specified order.  The output of one query can be used as the input for the next query.  Use the Batch List button to select the queries and order.  The batch list can be saved and recalled at a later date.
Update Mode  ** New **
The LDAP Search now has has the ability to update attributes based on the values specified in the attribute field or data specified in the Input Mode columns. To update an attribute an Update Operator must be specified after the attribute name, follow with the value you wish to set.  This is the Syntax for the update operation:

<Attribute><Op><Value>
Attribute:  The name of the attribute that you wish to update
Op: The operation that is to be performed
=+        Add Value to attribute
=-         Remove the Value from the Attribute, if no Value is specified the attribute is cleared
==        Set\Replace the current value of the attribute with Value
=|         Perform a bitwise operation of the current value of the attribute, this Op has a specific format for the Value
Value = <Mask>:<Data>
Mask - the bitwise mask  Note: Input Mode substitution can’t be used on this field, only the data field
Data - is the bits to be set based on the bit mask
Value: the data to be written to the attribute

Examples:
ExtensionAttribute1==Office1                              - Sets the ExtensionAttribute1 to Office1
ProxyAddresses=+smtp:www.world.com - Adds the value to the ProxyAddresses, the existing values are preserved
ProxyAddresses=-smtp:www.world.com              - Removes the specific value from the attribute
ProxyAddresses=-                                              - Clear the attribute, i.e. set to not set
UserAccountControl=|2:2                                    - Sets the 2 bit of the attribute to 1
UserAccountControl=|2:0                                    - Clears the 2 bit of the attribute to 0
UserAccountControl=|6:4                                    - Clears the 2 bit and sets the 4 bit of the attribute
UserAccountControl=|2:##input2                        - sets bit 2 to the value of ##input2
Info=={attrib:info}\n user updated as part of change 31012
Info=={attrib:info}{attrib:mail} user updated as part of change 31012
Objectversion=={attrib:objectversion}1
Binary=+\23\34\01\5a\4f\00

The Update mode can be combined with the multi-column Input Mode to update the attributes on objects with different values.  For example if you wanted to update the department and telephone numbers in AD for a number of users.  If you paste three columns of data containing a list of samaccountname, department name, and new telephone number and then by setting the Filter field to (samaccountname=##input) and the attribute field to Department==##input2, telephone==##input3 you can update all the users details in one operation.  Another example you have a list of users that need to be disabled and another list of users that need to be enabled.  If you combine the list of samaccountname and in the second column specify 0 for an account you want to enable and 2 for an account you want to disable.  Pasting these columns into Input Mode and set the Filter field the same as with the previous example but setting the Attribute field to UserAccountControl=|2:##input2, this will update all the accounts in one operation.

Single Update – is the default when the Update mode is selected, this causes all the required updates to be performed as a single update when the query is run.  The disadvantage to using single update is if you update multiple attributes at once and one of the updates fails i.e. due to a schema restriction, the resulting error message which is reported is against the first attribute that is displayed and not the attribute that caused the update to fail.  By deselected Single Update option, each update is performed separately and if that update fails the error message is display against the attribute that failed to update.

Search
Added option to context menu to select which attributes are displayed

Schema Browser
Added an extra column to show if the Attribute is available in the GC

Schema History
Updated to include Exchange 2016 RTM, Windows 2016TP3

Schema Version
Updated to include Exchange 2013 CU1/2/3/4/5/6/7 & SP1, 2016, and Windows 2016TP3

User Groups
Update output to include security principal SID

C\C++ Escape Characters:

\a         07        Alarm (Beep, Bell)
\b         08        Backspace
\f          0C        Formfeed
\n         0A        Newline (Line Feed); see notes below
\r          0D       Carriage Return
\t          09        Horizontal Tab
\v         0B        Vertical Tab
\\          5C       Backslash
\'          27        Single quotation mark
\"          22        Double quotation mark
\?         3F         Question mark
\hh       any       The character whose numerical value is given by hh interpreted as a hexadecimal number

NetTools v1.20.0

Attribute Replication  ** New **
The ability to check the value of attributes of an object across all domain controllers in the specified name context.  Also ideal for checking the value of non-replicated attributes.

Replication Queue  ** New **
Displays the replication queue on the specified domain controller.

Domain Tree ** New **
Displays the domains in a forest and the domain controllers in each domain.  Supports forests with non-contiguous namespaces.

LDAP Search
Filter field now performs validation of the entered filter, if the entered filter is incorrect the field background will turn red.  The filter validation is only available after the populate list button at the end of the server name field has been pressed.

Updated Dynamic attributes to include additional attributes to support column sorting across a wide range of attributes in Table view.  Note: the download of the additional attributes can impact the time taken to complete queues, this option can be turned off by unselecting the Sort Attributes options.
Added option to select if the Attribute tag is displayed or not in the output pane
Added SID_ABS decodetype provides absolute resolution of SID to the source domain.
Fixed bug in the LDAP Connection options where int options are not set correctly.
Fixed bug in Dynamic Attribute hash table.
Updated DS behavior type to include Windows 2012R2.
Added decode for msDS-Behavior-Version.
Changed DNSProperty decode type to Binary due to unknown data formats in the attribute.
           LDAP Browser
Updated so the double click Attribute dialog works when secure control are selected (Delete or Recycle Bin).
Added check button to limit the left hand pane to limit the display to container objects.

Schema History
Updated to support the following schema changes:
Exchange 2013 RTM, CU1, CU2, CU3, SP1, CU5, CU6, CU7

Site Browser
Updated upstream and downstream replication partners view to include AD site of the DC.
Updated to include validate function on the servers view to test servers are available.

Last Logon
Updated to support Windows 7/8/2008/2012 logon events.
Updated to support unlock and new credential logon types.
Updated to display more event details.
The list of DCs is limited to the DCs in the same domain context as the user.

Locked Accounts
Updated view to include samaccountname and DN.
Updated context allow Last Logon for selected item.

User Details or Search
Renamed option to Search to better reflect its function.
Updated with column sort.
Updated logic around the GC selection in case of DNS issues.
Updated GC find logic to support both domain and server resolution.
Updated context Use With menu to include Attribute Replication.

DC Resolution
Added option to limit the DC returned to the DC in the same domain context as the specified server.
Updated so if the dnsHostName entry is not found for the name, the name is used.  This is to allow port scanning of devices that are not DCs and not IP addresses.
Updated to allow user specified ICMP time out.
Updated to allow user specified IP TTL on port scans.

WINS Lookup
Improved text entry logic so previous commands can be entered again by pressing enter on the previous command.

General
Updated error reporting on the AD Properties dialog.
Updated a number of internal functions to use LDAP APIs instead of the slower ADSI APIs.

DecodeType list:
    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary list
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_ABS - Display the absolute name of the SID
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    X400 - Display only x400 entries
    X500 - Display only x500 entries

NetTools v1.19.8

Meta Data Dialog
Added column sort

DsGetDcName
Added option for DS Version 8

LDAP Search
Defined LastSetTime, PriorSetTime, msDS-UserPasswordExpiryTimeComputed as 64TIME
Bug fix - Updated favorites list so schemaupdates is not displayed
Bug fix - DecodeType debug string now works for all DecodeTypes

LDAP Browser
Added Meta Data option to the context menu
Fixed bug where user defined decodes were not honoured

Schema Version
Updated to support Windows 2012R2 forest and domain versions
Schema History
Updated to support the following schema changes:

Cisco Unity 4
Cisco Unity Contact Center
Cisco Call Manager
Solgenia Facsys Fax/Routing Suite
Server For Unix
Server For Unix v3.0
Exchange Unified Messaging
Exchange 2010SP1
Quest ActiveRoles

DC Resolution
Removed the dependency on a domain lookup to allow Port scans on IP addresses for machines that are not a DC

User Details
Added option to use GC for foreign object that are not in the default NC of the selected domain controller, this is to help performance when accessing objects in domains that might not be in the same site. The GC will be used for all dialogs. The AD Properties dialog will be display a warning when a GC is being used as group members is not consistent when using a GC
Updated to include scope option when the GC is used, this allows the scope to be limited to a particular NC or to overcome search issues when the forest has a non-contiguous name space
Added option to manage groups from context menu.
            Token Size
Updated to include a base DN option to allow a specific DN to be searched, if blank it will search the default DN of the selected domain controller

DecodeTypes list:
    DEFAULT - ASCII
    64DATE - Win32 64bit Date Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    ATTRIBENUM - predefined enumerate
    ATTRIBENUM_NONUM - predefined enumerate only symbolics are displayed
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    BIN - Binary list
    CERT - Certificates
    COUNT - Returns the number of entries in the attribute
    CRL - Certificate Revocation List
    DNSPROPERTY - DNS Properties entries
    DNSRECORD - DNS entries
    DNSRECORD.DATA - return only the data field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DSA_SIG - DSA Signature
    FILETIME - Win32 File Date & Time Format
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    GUID - Windows COM GUID format
    GUID_LDAP - GUID in LDAP filter format
    GUID_RAW - Hex GUID format
    HEX - Display a number if Hex format
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    PARENTDN - Returns the parent container of the distinguishedName
    PERIOD - Certificate renewal period
    PSMTP - Display primary smtp entry
    PWDSEC - Password secounds
    PX400 - Display primary  x400 entry
    PX500 - Display primary x500 entry
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    RIDPOOL - RID Pool Allocations
    SD - Security Descriptor in SDDL format
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SID - Display Security Identifier in text form
    SID_REL - Display the relative name of the SID
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    SIZE - The size of the data returned
    SMTP - Display only smtp entries
    TRANSPORT_OPT - Returns the options for the Options of transport container
    X400 - Display only x400 entries
    X500 - Display only x500 entries

NetTools v1.19.0

LDAP Performance
Added support for SSL LDAP connections

LDAP Search
Attribute DecodeType Manager – the ability to manage the DecodeType assigned to attributes.  There is a new button at the end of the Attribute field to open the DecodeType manager  ** New **
Added HEX DecodeType **New **
Added GUID_RAW DecodeType ** New **
Added GUID_LDAP DecodeType ** New **
Added ParentDN DecodeType  which returns the parent DN from the DistinguishedName attribute, only CN and OU parents are currently supported ** New **
Updated certificate verification options:

Verify Certs       Display Results              Behavior
Not selected      N\A                               No verification is performed, a certificate with errors will be accepted and the search performed
Selected            Not Selected                  The Microsoft standard certificate verification is performed, this normally doesn’t include a revocation test.  The search will only be performed if the certificate is valid.
Selected            Selected                        Extended verification process is used, this will verify the certificate and revocation for the full certificate chain and results will be displayed.  The search will only be completed if the whole certificate chain is valid.

Improved the column redraw speed in Table Input mode
DNS Record DecodeType updated to display the tombstone time and date for a deleted record
Added Regular expression filter to the display filter

<Attribute[;Type]> <Operator> <[Value][List Name]> [Logical Operator] [condition2] [Logical Operator] [condition3] [...]
     Operator           The comparison operator, supported operators are:
                   ==        Equal
                   !=         Not Equal
                   >=        Greater than or equal
                   <=        less than or equal
                   >          Greater than
                   <          Less than
                   ##        In list (exact match)
                   !#         Not in list (exact match)
                   %%      Contains item from list
                   !%        Does not contain item from list
                   Regx    Provide Regular Expression matching on the attribute

Example: name regx ^[sS][a-z]*

LDAP Browser
To increase the performance of browsing LDAP over an SSL connection and bypass certificate errors, updated not to perform any certificate verification testing on connecting
A new context menu to define the DecodeType for attributes ** New **

DCs in Sites
Updated so that resolution of the DC’s IP address is optional

User’s Groups
Updated to also display the group scope for each group

DecodeType list:
    DEFAULT - ASCII
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    FILETIME - Win32 File Date & Time Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    64DATE - Win32 64bit Date Format
    HEX - Display a number if Hex format
    PARENTDN - Returns the parent container of the distinguishedName
    GUID – Windows COM GUID format
    GUID_RAW – hex GUID format
    GUID_LDAP – returns the LDAP search filter format
    SID - Display Security Identifier in text form
    SID_REL - Display the relative name of the SID
    RIDPOOL - RID Pool Allocations
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    ATTRIBENUM - predefined enumerate
    DSA_SIG - DSA Signature
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    TRANSPORT_OPT - Returns the options for the Options of transport container
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    SD - Security Descriptor in SDDL format
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    BIN - Binary list
    SIZE - The size of the data returned
    COUNT - Returns the number of entries in the attribute
    DNSRECORD - DNS entries
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.DATA - return only the data field
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    DNSPROPERTY - DNS Properties entries
    CERT - Certificates
    CRL - Certificate Revocation List
    PWDSEC - Password secounds
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    PERIOD - Certificate renewal period
    SMTP - Display only smtp entries
    X400 - Display only x400 entries
    X500 - Display only x500 entries
    PSMTP - Display primary smtp entry
    PX400 - Display primary  x400 entry
    PX500 - Display primary x500 entry

NetTools v1.18.3

Mail Conflicts  **New**
A new test that is useful for diagnosing Quest DirSync 0xaa0000a7 errors.  The test will check if the mail addresses assigned to the source object already exists on objects in the target domain.  These conflicts stop Quest from merging\migrating mail enabled objects

Mail Unique  **New**
A test to confirm that the mail details of an object are unique in the same forest.  Just paste a list of samaccountnames of objects and check Go.  Any duplicates will be displayed

DC Updates
Now has the option to limit which DC are display and monitored based on the domain context
Added current time from each DC to show if DCs are in time sync

LDAP Search
Added option to specify the number of items returned per page query
Added new UTC options for 64time, gtftime decodes
Added 64Date back as it disappeared for some reason
Filter help updated with the substitution options
Added Reset button to set the options to the default settings
Added decodes for msFVE-KeyPackage, msFVE-RecoveryGuid, and msFVE-VolumeGuid
Added decodes for proxyaddresses, these are more display filters than decodes types, only the specified entries are displayed. SMTP, X400, X500, By using the P options only the primary entry (upper case) is displayed PSMTP, PX500, PX400

LDAP Browser
Fixed bug in the user defined columns not being displayed correctly
Updated the context menu to support LDAP Search updates

LDAP Performance
Disabled referrals on one level search so sub domains don’t impact the test results
Added stop button
Added option to purge Kerberos tickets between test to test the authentication process on each pass

AD Properties
Computer objects now includes the account logon details tab

User Details
Changed the context menu to include Use with, so search results can be piped to other tests in NetTools

General
Fixed bug in ini file read\write functions, so the ini file is only updated in the startup directory
Manage List ** New ** context menu option to manage dropdown lists

DecodeType list:
    DEFAULT - ASCII
    GTFTIME - Generalized Time Format, local time
    GTFTIME_UTC - Generalized Time Format, UTC
    FILETIME - Win32 File Date & Time Format
    64TIME - Win32 64bit Date & Time Format, local time
    64TIME_UTC - Win32 64bit Date & Time Format, UTC
    64DATE - Win32 64bit Date Format
    GUID - Windows GUID
    SID - Display Security Identifier in text form
    SID_REL - Display the relative name of the SID
    RIDPOOL - RID Pool Allocations
    IP - DWORD IP address in windows order
    IPN - DWORD IP address in network order
    ATTRIBENUM - predefined enumerate
    DSA_SIG - DSA Signature
    NTDS_DSA_OPT - Returns the options for the Options of NTDSDSA
    NTDS_CONN_OPT - Returns the options for the Options of NTDSConnection
    SITE_LINK_OPT - Returns the options for the Options of SiteLink
    TRANSPORT_OPT - Returns the options for the Options of transport container
    NTDSSSITE_OPT - Returns the options for the Options of NTDS Sites Settings
    REPL_UTDV - NC Up ToDateness Vectors
    REPS_INFO - Replication neighbours RepsTo and RepsFrom
    SD - Security Descriptor in SDDL format
    SD_SID - Returns the SID of all entries in the SD
    SD_SID_DACL - Returns the SID of the DACL entries in the SD
    SD_SID_SACL - Returns the SID of the SACL entries in the SD
    SD_SID_OWNER - Returns the SID of the Owner in the SD
    SD_NAME - Returns the resolved names of all the entries in the SD
    SD_NAME_DACL - Returns the resolved names of the DACL entries in the SD
    SD_NAME_SACL - Returns the resolved names of the SACL entries in the SD
    SD_NAME_OWNER - Returns the resolved name of the owner in the SD
    BIN - Binary list
    SIZE - The size of the data returned
    COUNT - Returns the number of entries in the attribute
    DNSRECORD - DNS entries
    DNSRECORD.TYPE - return only the type type field
    DNSRECORD.VERSION - return only the version field
    DNSRECORD.RANK - return only the rank field
    DNSRECORD.SERIAL - return only the serial field
    DNSRECORD.TTL - return only the ttl field
    DNSRECORD.TIMEOUT - return only the timeout field
    DNSRECORD.TIMESTAMP - return only the timestamp field
    DNSRECORD.DATA - return only the data field
    BEROID - Basic Encoding Rules (BER) Organization Identifier
    DNSPROPERTY - DNS Properties entries
    CERT - Certificates
    CRL - Certificate Revocation List
    PWDSEC - Password secounds
    MSTRUST - Decoder for msds-TrustForestTrustInfo
    PERIOD - Certificate renewal period
    SMTP - Display only smtp entries
    X400 - Display only x400 entries
    X500 - Display only x500 entries
    PSMTP - Display primary smtp entry
    PX400 - Display primary  x400 entry
    PX500 - Display primary x500 entry

NetTools v1.17.4

Schema History
Updated to support IBM Tivoli Storage Manager, Forefront TMG, HP Openview Configuration Manager

Schema Browser
Updated to include AttributeID OID
Now uses paged queries to support larger schemas

LDAP Browser
Updated to show the approximate number of objects in a container, if it is filtered

LDAP Search
Added decode for NTMixedDomain attribute

Site DC List
Updated to use a separate thread to improve screen updates on slow WAN networks

Replication Cursors
Updated to display the USN of the destination DC, with a delta to show how many updates are still waiting to be replicated