XGEN: How to Access Active Directory Using the LocalSystem Account (274585)

The information in this article applies to:

  • Microsoft Exchange 2000 Server

This article was previously published under Q274585

SUMMARY

In certain situations, it may be necessary to access Active Directory by using LocalSystem credentials. The Ldp.exe program is included with the Windows 2000 Support Tools, and can be used to access Active Directory using Lightweight Directory Access Protocol (LDAP). This procedure may be useful when testing computer account permissions when connecting or binding to an Active Directory container.

MORE INFORMATION

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
  1. Log on to the Exchange server as a member of that server's local Administrators group.
  2. Use the at command (At.exe) to start an instance of Ldp.exe in the LocalSystem context:

    at xx:xx /interactive "c:\program files\support tools\ldp.exe"

    where xx:xx is a time one minute ahead of the current time. Correct the path to Ldp.exe if it is installed in a different location.
  3. Wait for Ldp.exe to open on the console.
  4. Click Connection, and then click Connect. Specify a server name and port. The default LDAP port is 389; the Global Catalog port is 3268.
  5. Click Connection, and then click Bind. Verify that Username, Password, and Domain are all empty, and then click OK.
Example:

at 17:27 /interactive "c:\winnt\ldp.exe"

Note: The at command will only bring interactive processes up onto the console, and not onto a Terminal Server session.
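A small helper for step 2 and the note above, added here as an example (it is not part of the KB article or a Microsoft tool). It assumes Python is available on the server, computes the start time one minute ahead of the clock so the 23:59 to 00:00 rollover is handled, and treats a SESSIONNAME value other than Console as a Terminal Server session, which is an assumption about Terminal Services rather than something the article states.

```python
"""Schedule Ldp.exe under LocalSystem with At.exe (added example, not from the article).
At.exe is only invoked when --run is given; everything else is pure computation."""
import os
import subprocess
import sys

# Path from the article; pass another path as the first argument if Ldp.exe lives elsewhere.
DEFAULT_LDP = r"c:\program files\support tools\ldp.exe"


def next_minute(hour, minute):
    """hh:mm one minute after the given clock time, in the 24-hour form At.exe accepts.
    At.exe takes a clock time only, so 23:59 wraps to 00:00 (the job runs the next day)."""
    total = (hour * 60 + minute + 1) % (24 * 60)
    return "{:02d}:{:02d}".format(total // 60, total % 60)


def build_at_command(hour, minute, ldp_path=DEFAULT_LDP):
    """Argument list for At.exe; subprocess quotes the path (it contains spaces) on Windows."""
    return ["at", next_minute(hour, minute), "/interactive", ldp_path]


def render(cmd):
    """The same command written the way the article shows it, with the path in quotes."""
    return '{} {} {} "{}"'.format(*cmd)


def on_console(environ):
    """At.exe brings interactive jobs up on the console only (see the note in the article).
    Assumption: Terminal Services sets SESSIONNAME to a value other than 'Console'
    (for example RDP-Tcp#1) in remote sessions, where Ldp.exe would open unseen."""
    return environ.get("SESSIONNAME", "Console").lower() == "console"


def main(argv):
    ldp = argv[1] if len(argv) > 1 and not argv[1].startswith("--") else DEFAULT_LDP
    import datetime  # local import keeps the pure functions free of clock dependencies
    now = datetime.datetime.now()
    cmd = build_at_command(now.hour, now.minute, ldp)
    print(render(cmd))
    if not on_console(os.environ):
        print("warning: not on the console session; Ldp.exe will not be visible here")
    if "--run" in argv:
        subprocess.run(cmd, check=True)  # queues the job; Ldp.exe opens at hh:mm


if __name__ == "__main__":
    main(sys.argv)
```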

This allows you to view the directory with the same permissions as the LocalSystem account of that Exchange server. All of the Exchange services run under the LocalSystem account. You can now run any search in Ldp to verify that the LocalSystem account has the proper credentials. For additional information about searching the directory by using Ldp, click the article number below to view the article in the Microsoft Knowledge Base:

271201 XADM: Alternative Methods to Obtain a Dump of an Object

If you are unable to connect or bind, there may be a permissions problem with the computer account.

Modification Type: Minor    Last Reviewed: 4/25/2005
Keywords:kbhowto KB274585