{"id":34668,"date":"2024-08-03T00:03:57","date_gmt":"2024-08-02T22:03:57","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=34668"},"modified":"2024-07-27T11:15:07","modified_gmt":"2024-07-27T09:15:07","slug":"active-directory-tool-ldp-has-a-built-in-sddl-editor-and-text-exporter","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/08\/03\/active-directory-tool-ldp-has-a-built-in-sddl-editor-and-text-exporter\/","title":{"rendered":"Active Directory tool LDP has a built-in SDDL editor and text exporter"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Windows\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Windows-klein.jpg\" alt=\"Windows\" width=\"200\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/08\/03\/active-directory-tool-ldp-hat-einen-eingebauten-sddl-editor-und-text-exporter\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]I'm putting a topic for administrators in the blog &#8211; it may be widely known. I myself am not so well versed in the AD area and the available tools. In Windows, there is the LPD.exe tool, which contains both an SDDL editor and an SDDL-to-text converter. If you are not yet familiar with it, it may be of interest. Here is some background information on this topic, which I came across some time ago.<\/p>\n<p><!--more--><\/p>\n<h2>What ist LDP?<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg09.met.vgwort.de\/na\/d314679c63f34059bf1cf4b00cbb62ca\" alt=\"\" width=\"1\" height=\"1\" \/>Ldp is a Windows Explorer-like tool based on a graphical user interface (GUI), which is used for navigation in the Active Directory (AD). In the left-hand column of the tool, you can navigate through the Active Directory namespace, while the results of the LDAP operations are displayed in the right-hand detail area. Any text displayed in the detail area can be selected with the mouse and copied to the clipboard.<\/p>\n<p>ldp.exe kann zum Beispiel zum Suchen von LDAP-Server verwendet werden, wie Cisco <a href=\"https:\/\/www.cisco.com\/c\/de_de\/support\/docs\/unified-communications\/jabber\/212109-How-to-Use-LDP-EXE-to-Search-LDAP-Server.html\" target=\"_blank\" rel=\"noopener\">hier beschreibt<\/a>. Eine weitere Beschreibung zur AD-Verwaltung mit LDP findet sich <a href=\"https:\/\/netz-weise-it.training\/images\/dokus\/LDP%20benutzen.pdf\" target=\"_blank\" rel=\"noopener\">hier<\/a>.<\/p>\n<p>Ldp can be used to search for LDAP servers, for example, as Cisco <a href=\"https:\/\/www.cisco.com\/c\/de_de\/support\/docs\/unified-communications\/jabber\/212109-How-to-Use-LDP-EXE-to-Search-LDAP-Server.html\" target=\"_blank\" rel=\"noopener\">describes here<\/a>. Microsoft provides some information on ldp.exe in <a href=\"https:\/\/learn.microsoft.com\/en-us\/previous-versions\/windows\/it-pro\/windows-server-2012-r2-and-2012\/cc771022(v=ws.11)\" target=\"_blank\" rel=\"noopener\">this support document<\/a> &#8211; and <a href=\"https:\/\/learn.microsoft.com\/de-de\/windows-server\/identity\/ad-ds\/manage\/component-updates\/directory-services-component-updates\" target=\"_blank\" rel=\"noopener\">this document<\/a> from Microsoft employees shows how to activate statistics in LDP.<\/p>\n<h2>Security Descriptor Definition Language (SDDL)<\/h2>\n<p>SSDL stands for Security Descriptor Definition Language. The Security Descriptor Definition Language (SDDL) is <a href=\"https:\/\/learn.microsoft.com\/de-de\/windows-hardware\/drivers\/kernel\/sddl-for-device-objects\" target=\"_blank\" rel=\"noopener\">used<\/a> to represent security descriptors. The security for device objects can be specified by an SDDL string that is placed in an INF file or transferred to IoCreateDeviceSecure.<\/p>\n<p>SSDL steht f\u00fcr Security Descriptor Definition Language. Die Security Descriptor Definition Language (SDDL) wird <a href=\"https:\/\/learn.microsoft.com\/de-de\/windows-hardware\/drivers\/kernel\/sddl-for-device-objects\" target=\"_blank\" rel=\"noopener\">verwendet<\/a>, um Sicherheitsdeskriptoren darzustellen. Die Sicherheit f\u00fcr Ger\u00e4teobjekte kann durch eine SDDL-Zeichenfolge angegeben werden, die in einer INF-Datei platziert oder an <em>IoCreateDeviceSecure<\/em> \u00fcbergeben wird.<\/p>\n<h2>LDP.exe with SDDL editor and text exporter<\/h2>\n<p>I came across this topic on X via the following <a href=\"https:\/\/x.com\/SamErde\/status\/1742646220642816298\" target=\"_blank\" rel=\"noopener\">tweet<\/a> from Sam Erde. He asks: Did you know that the good old LDP.EXE has a built-in SDDL editor and a tool for converting SDDL to text?<\/p>\n<p><a href=\"https:\/\/x.com\/SamErde\/status\/1742646220642816298\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"LDP.exe mit SDDL-Editor und Text-Exporter\" src=\"https:\/\/i.postimg.cc\/fWKyr8XN\/image.png\" alt=\"LDP.exe mit SDDL-Editor und Text-Exporter\" \/><\/a><\/p>\n<p>In PowerShell there is also the <a href=\"https:\/\/learn.microsoft.com\/en-us\/powershell\/module\/microsoft.powershell.utility\/convertfrom-sddlstring?view=powershell-7.4&amp;viewFallbackFrom=powershell-7.3\" target=\"_blank\" rel=\"noopener\">ConvertFrom-SddlString<\/a> utility, which can be used for conversion. I have no idea whether all this is known and used. However, I'll post this find splitter here in the blog, maybe an administrator can take advantage of it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]I'm putting a topic for administrators in the blog &#8211; it may be widely known. I myself am not so well versed in the AD area and the available tools. In Windows, there is the LPD.exe tool, which contains both &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/08\/03\/active-directory-tool-ldp-has-a-built-in-sddl-editor-and-text-exporter\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[194],"class_list":["post-34668","post","type-post","status-publish","format-standard","hentry","category-windows","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=34668"}],"version-history":[{"count":3,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34668\/revisions"}],"predecessor-version":[{"id":34671,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34668\/revisions\/34671"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=34668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=34668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=34668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}