This option displays the objects and the associated attributes that have been changed on the specified domain controller using LDAP queries.  The option uses an LDAP search queue with the 1.2.840.113556.1.4.841 DirSync Server side control to display the changes.

When the option is first started, the first search will return all the objects that match the search filter to establish a known state of the objects in scope, depending on the number of object in scope it could take a few seconds to hours to complete the first search. For this reason it's recommended that filter is as specific as possible to only capture the objects you want to monitor.

Once the first search is complete, then at the defined update interval, the query will be run again, and only the items that have changed since the last queue was run, will be displayed, this will continue until the Stop button is pressed or NetTools is closed.  All new changes are cumulative in the list and are only cleared when a option is restarted.

There are a number of limitation that are imposed when using the DirSync control, the search must be performed against the root of the selected naming context, while NetTools will let you enter a sub container under the root, an error will be returned if you do so.  You are able to specify a filter if you want to target a specific object type, or individual object.

Note: This function can't be used to retrieve the passwords of AD accounts