USING LDP.EXE tool (to recover deleted objects in Active Directory)

Ldp.exe is a very important tool every IT professional needs to be familiar with. By default it is installed on the domain controller (DC) where your AD is running; if you want to use LDP from a client machine, you have to install it from Microsoft (it ships as part of the Remote Server Administration Tools). This amazing tool provides the only way to recover deleted objects without taking a DC offline, and it is the only way to recover a deleted object’s identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and then having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object.

As much as you may not want to think about it, accidental data loss does happen, and what every IT professional needs to do is be prepared for it when and if it does.

To launch this tool:

1. Open an elevated command prompt.

2. In the command prompt window, type “ldp.exe” and press Enter. This opens the LDP window.

3. Go to “Connection” and click “Connect”. You don’t have to type anything in the Server box if you are already on the AD server. Do not change the default port value of 389. Click “OK”.

4. Go back to “Connection” and click “Bind”. If you are logged in as a domain admin, keep the option “Bind as already logged on user” selected and click “OK”. The output pane at the bottom of the screen confirms that you are authenticated as Administrator.

5. Go to “Browse” and click “Search”. Alternatively, go to “View” and click “Tree”, which takes you to your local domain.

6. Depending on your search, you may change the Scope, change the Base DN, and add attributes to the existing ones. To add an attribute, type a semicolon after the last attribute and then the new attribute name, or delete the existing attributes and specify new ones for your search. objectGUID, objectSid and servicePrincipalName are usually the most important attributes we look for when we have connection or authentication issues, or when an object has been deleted. Once you have entered the attributes, click “Run”.

Note that if you are searching for a user, make sure you search with the alias displayed in Active Directory Users & Computers.
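As an added example (not code from the original post), the Python below expresses the same search the LDP.exe Search dialog performs: a subtree search from the domain DN for isDeleted=TRUE, carrying the LDAP “Show Deleted Objects” control (OID 1.2.840.113556.1.4.417) that AD requires before it returns tombstones, and asking for objectGUID, objectSid and lastKnownParent. It also decodes the binary objectGUID and objectSid values, since that is what an admin has to note down before a deleted object is reinstated. The live search function assumes the third-party ldap3 package and a reachable DC; the base DN, account name and the sample search result are constructed values, and looking a deleted user up by sAMAccountName assumes that attribute is preserved on the tombstone.

```python
"""Search AD for deleted objects the way the LDP.exe Search dialog does, and
decode the binary objectGUID / objectSid values that come back."""
import struct
import uuid

# LDAP "Show Deleted Objects" control. AD only returns tombstoned objects
# (isDeleted=TRUE) when the search request carries this control.
SHOW_DELETED_OID = "1.2.840.113556.1.4.417"

# The identity attributes the post mentions, plus lastKnownParent, which
# records the container the object lived in before it was deleted.
RECOVERY_ATTRIBUTES = ["objectGUID", "objectSid", "lastKnownParent",
                       "isDeleted", "sAMAccountName"]


def deleted_object_search(base_dn, sam_account_name=None):
    """Build the search parameters (base DN, scope, filter, attributes,
    control) that mirror the fields of the LDP.exe Search dialog.
    Assumption: sAMAccountName (the logon name shown in ADUC) survives on
    the tombstone, so it can be used to look a deleted user up."""
    ldap_filter = "(isDeleted=TRUE)"
    if sam_account_name:
        ldap_filter = "(&(isDeleted=TRUE)(sAMAccountName=%s))" % sam_account_name
    return {
        "base": base_dn,
        "scope": "subtree",
        "filter": ldap_filter,
        "attributes": list(RECOVERY_ATTRIBUTES),
        "controls": [SHOW_DELETED_OID],
    }


def decode_object_guid(raw):
    """objectGUID is 16 bytes in GUID (mixed-endian) byte order."""
    raw = bytes(raw)
    if len(raw) != 16:
        raise ValueError("objectGUID must be 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


def decode_object_sid(raw):
    """objectSid is a binary SID: revision byte, sub-authority count byte,
    48-bit big-endian identifier authority, then little-endian 32-bit
    sub-authorities. Returns the familiar S-1-5-21-... string."""
    raw = bytes(raw)
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def summarize_entry(raw_attrs):
    """Turn one raw search result (attribute name -> list of byte values, as
    an LDAP client returns them) into the three values to record before the
    object is reinstated: its GUID, its SID and its original container."""
    def first(name):
        values = raw_attrs.get(name) or []
        return values[0] if values else None
    guid, sid, parent = first("objectGUID"), first("objectSid"), first("lastKnownParent")
    return {
        "objectGUID": decode_object_guid(guid) if guid else None,
        "objectSid": decode_object_sid(sid) if sid else None,
        "lastKnownParent": parent.decode() if isinstance(parent, bytes) else parent,
    }


def find_deleted_objects(server, base_dn, user, password, sam_account_name=None):
    """Run the search over LDAP on the default port 389 using the ldap3
    package (assumed installed; imported lazily so the decoders above work
    without it). Returns one summary per tombstone found."""
    import ldap3  # third-party: pip install ldap3
    spec = deleted_object_search(base_dn, sam_account_name)
    conn = ldap3.Connection(ldap3.Server(server, port=389),
                            user=user, password=password, auto_bind=True)
    conn.search(spec["base"], spec["filter"], search_scope=ldap3.SUBTREE,
                attributes=spec["attributes"],
                controls=[(SHOW_DELETED_OID, True, None)])
    return [summarize_entry(e["raw_attributes"])
            for e in conn.response if e.get("type") == "searchResEntry"]


# Constructed sample result (not real directory data): a tombstoned user
# whose GUID, SID and former OU are encoded the way AD returns them.
SAMPLE_ENTRY = {
    "objectGUID": [bytes.fromhex("78563412341278561234567812345678")],
    "objectSid": [bytes.fromhex("01050000000000051500000001000000"
                                "020000000300000051040000")],
    "lastKnownParent": [b"OU=Staff,DC=example,DC=com"],
    "isDeleted": [b"TRUE"],
}

if __name__ == "__main__":
    print(deleted_object_search("DC=example,DC=com", "jdoe"))
    print(summarize_entry(SAMPLE_ENTRY))
```

The decoded objectSid is what the old ACL entries still reference, and lastKnownParent is the DN the object has to be moved back under, which is why these three attributes are worth asking for in the LDP search rather than only the defaults.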

I hope you find this helpful.