• Console : Active Directory Administrative Center
• Know the LDAP structure thanks to ldp.exe

In case you don't know it, Active Directory has several partitions (configuration, schema, ...) which can be consulted via the LDAP protocol thanks in particular to the "ADSI Edit" program present on all domain controllers.

1. Know the LDAP structure of your domain
2. Display the contents of the Active Directory Configuration partition
3. Display the contents of the Active Directory Schema partition
4. Display the contents of the ForestDnsZones partition of the Active Directory
5. Display the contents of the DomainDnsZones partition of the Active Directory

1. Know the LDAP structure of your domain

To find out the LDAP structure of your domain, launch the "ADSI Edit" program and right-click "Connect to" on the "ADSI Edit" node.

By default, the "ADSI Edit" program will use the default naming context.
In other words, it will connect to your Active Directory domain.

If you click on the "Advanced" button, you can use a different user account if needed.
By default, the account used will be the one you are currently logged into the server with.

As you can see, the displayed folder list looks very similar to the one displayed by the "Active Directory Users and Computers" console.
Nevertheless, here you quickly see the difference between the container (CN) and the organization units (OU).
Organization units (OUs) can be used to manage the application of group policies, unlike containers (CN) which are not designed for this.

If we go into the "Users" container (CN), we find our "InformatiUser" user and we see that this object is based on the "user" class of the Active Directory schema.

If you right click "Properties" on this object, you will find the list of attributes available for this type of object and their values when defined.
Among these attributes, you will always find the "distinguishedName" attribute which corresponds to the unique name of each object.
To see the full value, select this "distinguishedName" attribute and click the "Show" button.

The entire value is displayed in a new window.

If you look at the other attributes available, you will see that we can for example add a phone number (homePhone) and a postal address (homePostalAddress) for users.

2. Display the contents of the Active Directory Configuration partition

To view the contents of the Configuration partition of your Active Directory domain, specify "Configuration" as the name and select the "Configuration" naming context.

In this "Configuration" partition, you will find in particular the configuration linked to the Active Directory sites with the various associated subnets.

To get the path of partitions that are not available in the "Select a well known Naming Context" list of this "ADSI Edit" program, just open the "CN=Partitions" folder.
In this "Partitions" container, you will find the path to the Active Directory partitions :

• Configuration : DC=Configuration,DC=informatiweb,DC=lan
• Schema : CN=Schema,DC=Configuration,DC=informatiweb,DC=lan
• the "ForestDnsZones" application partition : DC=ForestDnsZones,DC=informatiweb,DC=lan
• the "DomainDnsZones" application partition : DC=DomainDnsZones,DC=informatiweb,DC=lan

3. Display the contents of the Active Directory Schema partition

To view the contents of the Schema partition of your Active Directory domain, specify "Schema" as the name and select the "Schema" naming context.

As you can see, the Active Directory schema is composed of :

• many classes : classSchema
• many attributes : attributeSchema

Among the available classes, you will find in particular those used to create these type objects : computer (CN=Computer), group (CN=Group) and user (CN=User),

For the "CN=User" class, you will see that it has, for example, the "displayName" attribute.

4. Display the contents of the ForestDnsZones partition of the Active Directory

The ForestDnsZones partition is an application partition of the Active Directory that is present when the DNS zones are integrated into the Active Directory.
Although the "ADSI Edit" program doesn't offer it by default in the list of known well naming contexts, it's still possible to consult it if you have its path.

To know it, you have 2 possibilities :

• use the "ldp.exe" program and go to "View -> Tree"
• display the contents of the "Configuration" partition here, to then find the link of the partition in the "CN=Partitions" folder (as explained at step 2 of this tutorial)

In your case, the path to the "ForestDnsZones" partition will look like this : DC=ForestDnsZones,DC=informatiweb,DC=lan

To view the contents of this partition, type "ForestDnsZones" as the name, then select "Select or type a distinguished Name or Naming Context" and type the path shown above.

As you can see, you will find in particular the "_msdcs" special DNS zone created by Active Directory.

5. Display the contents of the DomainDnsZones partition of the Active Directory

To display the contents of the "DomainDnsZones" application partition of your Active Directory domain, the principle is the same as for the previous partition.
Specify "DomainDnsZones" as the name, select "Select or type a distinguished Name or Naming Context" and type the path : DC=DomainDnsZones,DC=informatiweb,DC=lan

The contents of the "DomainDnsZones" partition appear.
In this partition, you will find a "CN=MicrosoftDNS" folder with the DNS zone corresponding to your Active Directory domain (in our case : informatiweb.lan).
In this folder, you will find the information corresponding to the DNS records of the corresponding DNS zone.

For example, in our case, we find the "DC=win10" data which corresponds to the "win10" DNS record displayed in the "informatiweb.lan" zone of our DNS server.