Active Directory Explorer 1.0

I use AdsiEdit an awful lot. Rarely to actually make changes in AD, but mostly to view or search for objects in AD – looking at attributes, etc. – in order to explore AD. Great tool but in order to search AD, I’d have to switch to LDP or ADUC or some other tool and then go back to AdsiEdit to view the objects that I found. (Of course, now I mostly search with PowerShell but I still prefer a GUI tool for actually viewing the objects/attributes I’m researching.)

So I was interested to find that Microsoft has released a free download of Active Directory Explorer 1.0, which was written by Bryce Cogswell and Mark Russinovich of SysInternals fame. Here’s the description from the tool itself:

Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object’s schema, and execute sophisticated searches that you can save and re-execute.

AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot you can navigate and explore it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer’s comparison functionality to see what objects, attributes and security permissions changed between them.

I’m still exploring the tool, but here are my impressions to date.

First, the visual presentation. Similar to AdsiEdit, but when you select an object on the left side of the interface, it immediately displays the populated attributes on the right side. Much quicker to use than AdsiEdit in this respect. Right-click on the object and you can view the object’s security and attributes, as well as jump directly to the object’s schema object. It doesn’t appear to show unpopulated attributes. AdsiEdit seems to win on this point – you can toggle between displaying all possible attributes and only those with values.

It also offers a history mechanism so you can backtrack through the containers and objects you’ve already visited.

Next, the search capability. It’s similar to the search dialog in ADUC, but it gives an extensive list of classes to choose from, as well as a dropdown box of the relevant attributes once you’ve selected a class. More flexible than ADUC in that regard but it doesn’t seem to allow you to create your own arbitrary LDAP search strings like ADUC does, nor does it seem to allow for “or” conditions, only “and” conditions. Unless I’ve missed something, that seems rather limiting.

Finally, the “snap-shot” capability. The documentation says that you can save and reload snapshots into the tool, as well as compare selected parts of two saved snapshots. Haven’t used it yet, but it looks like it might be useful in validating and documenting changes in AD. Our change management folks would like that. Soon as I get my test environment rebuilt, I’ll test that feature.

So my overall impression is that it’s worth further evaluation, even though it doesn’t seem to answer all my wish-list regarding search capabilities and attribute presentation. But for a first version, and a free tool at that, it’s a welcome addition to the tool-kit.

