Tutorial: Active Directory as a powerful LDAP server: the unknown tips

Alban Meunier

SmartWave SA


After years of rumors and fights between the pro- and anti-Microsoft camps, I propose to go through the LDAP implementation of Microsoft Active Directory using facts alone. Both well-known and hidden features are part of this review. Every agenda item is extensively illustrated with examples, screenshots, command lines, syntax, and Microsoft references. The slide show is designed as a vade mecum for any LDAP technician faced with Active Directory.


Attendees should have a basic understanding of LDAP. Attending the Fast-Start track earlier in the day will provide a sufficient grounding.


  • Active Directory context
    • NT inheritance
    • budget pressure
    • implemented everywhere
  • Standard vs proprietary
    • Winners and losers
  • Schema
    • standard
    • Microsoft
    • MS Exchange extension
    • NIS
    • Your own extension
  • Common objects
    • users
    • groups
    • contacts
    • computers
    • others
  • Windows domain
    • SSID
    • replication
    • global catalog
    • common issues
  • Group membership
    • the cross domain challenge
    • the nested groups
  • Password policy
    • change password
    • basic user attributes
    • advanced password policies
  • Authentication
    • user identification
    • id/password
    • Kerberos
    • strong authentication
  • ACL
    • default behavior
    • MS common extension
    • advanced ACL
  • Logs
  • Tools
    • ADAC vs ADUC
    • dedicated tools
    • PowerShell
  • Looking around
    • AD LDS
    • ADFS
    • Microsoft Azure Active Directory
  • Conclusion