I'm putting a topic for administrators in the blog; it may be widely known. I myself am not so well versed in the AD area and the available tools. In Windows, there is the LDP.exe tool, which contains both an SDDL editor and an SDDL-to-text converter. If you are not yet familiar with it, it may be of interest. Here is some background information on this topic, which I came across some time ago.
What is LDP?
Ldp is a Windows Explorer-like tool based on a graphical user interface (GUI), which is used for navigation in the Active Directory (AD). In the left-hand column of the tool, you can navigate through the Active Directory namespace, while the results of the LDAP operations are displayed in the right-hand detail area. Any text displayed in the detail area can be selected with the mouse and copied to the clipboard.
Ldp can be used to search for LDAP servers, for example, as Cisco describes here. Another description of AD administration with LDP can be found here. Microsoft provides some information on ldp.exe in this support document, and this document from Microsoft employees shows how to activate statistics in LDP.
Security Descriptor Definition Language (SDDL)
SDDL stands for Security Descriptor Definition Language and is used to represent security descriptors. The security for device objects can be specified by an SDDL string that is placed in an INF file or passed to IoCreateDeviceSecure.
LDP.exe with SDDL editor and text exporter
I came across this topic on X via the following tweet from Sam Erde. He asks: Did you know that the good old LDP.EXE has a built-in SDDL editor and a tool for converting SDDL to text?
In PowerShell there is also the ConvertFrom-SddlString cmdlet, which can be used for conversion. I have no idea whether all this is known and used. However, I'll post this little find here in the blog; maybe an administrator can take advantage of it.
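To show what such an SDDL-to-text conversion involves, here is an added example (not code from LDP, PowerShell or the original post) that parses an SDDL string, renders it as readable lines and lists DACL entries that give write-type rights to broad trustees. The function names, the reduced code tables and the sample descriptor are assumptions made for this illustration.

```python
import re

# Subset of the documented SDDL codes; unknown codes are passed through as-is.
SIDS = {"SY": "Local System", "BA": "Builtin Administrators", "BU": "Builtin Users",
        "WD": "Everyone", "AU": "Authenticated Users", "DA": "Domain Admins"}
ACE_TYPES = {"A": "Allow", "D": "Deny", "OA": "Allow (object)", "AU": "Audit"}
RIGHTS = {"GA": "GenericAll", "GR": "GenericRead", "GW": "GenericWrite",
          "GX": "GenericExecute", "RC": "ReadControl", "SD": "Delete",
          "WD": "WriteDac", "WO": "WriteOwner", "RP": "ReadProperty",
          "WP": "WriteProperty", "CC": "CreateChild", "CR": "ControlAccess"}
BROAD_SIDS = {"WD", "AU", "BU"}          # trustees that cover most accounts
WRITE_RIGHTS = {"GA", "GW", "WD", "WO", "WP"}

def parse_sddl(sddl):
    """Split an SDDL string into owner, group and lists of DACL/SACL ACEs."""
    sd = {"O": None, "G": None, "D": [], "S": []}
    for tag, body in re.findall(r"([OGDS]):(.*?)(?=[OGDS]:|$)", sddl):
        if tag in "OG":
            sd[tag] = body
            continue
        for ace in re.findall(r"\(([^()]*)\)", body):   # ACL flags (e.g. PAI) are skipped
            kind, _flags, rights, _obj, _inherit, sid = ace.split(";")[:6]
            # Rights are two-letter codes run together, or a single hex mask.
            codes = [rights] if rights.startswith("0x") else re.findall("..", rights)
            sd[tag].append({"type": kind, "rights": codes, "sid": sid})
    return sd

def sddl_to_text(sddl):
    """Render the descriptor as readable lines, one per ACE."""
    sd = parse_sddl(sddl)
    lines = [f"Owner: {SIDS.get(sd['O'], sd['O'])}", f"Group: {SIDS.get(sd['G'], sd['G'])}"]
    for tag, name in (("D", "DACL"), ("S", "SACL")):
        for ace in sd[tag]:
            rights = ", ".join(RIGHTS.get(c, c) for c in ace["rights"])
            lines.append(f"{name}: {ACE_TYPES.get(ace['type'], ace['type'])} "
                         f"{SIDS.get(ace['sid'], ace['sid'])}: {rights}")
    return lines

def broad_write_aces(sddl):
    """Allow ACEs in the DACL that give write-type rights to a broad trustee."""
    return [a for a in parse_sddl(sddl)["D"]
            if a["type"] in ("A", "OA") and a["sid"] in BROAD_SIDS
            and WRITE_RIGHTS & set(a["rights"])]

# Constructed sample descriptor, not taken from a real system.
SAMPLE = ("O:BAG:SYD:PAI(A;;GA;;;SY)(A;CI;GRGW;;;WD)"
          "(A;;GR;;;S-1-5-21-1-2-3-1104)S:(AU;FA;WD;;;WD)")

if __name__ == "__main__":
    print("\n".join(sddl_to_text(SAMPLE)))
```

Note that the code WD means Everyone in the trustee field of an ACE but WriteDac in the rights field, which is why the two lookup tables are kept separate.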