Before the AD Recycle Bin, LDP was the standard method for recovering deleted objects. Even today, it offers a way to see and manipulate "tombstoned" objects. To view deleted items:
LDP.exe is a lightweight, graphical LDAP client. LDAP, the Lightweight Directory Access Protocol, is the industry-standard protocol used by directory services like Microsoft Active Directory for querying and modifying data. LDP.exe acts as a client for that protocol, enabling a user to perform core LDAP operations against any compatible directory server.
Add-WindowsCapability -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0" -Online
On modern client machines, RSAT features are installed as "Optional Features" directly through the Windows Settings application. Open the app (Press Windows Key + I ). Navigate to Apps and click on Optional features . ldp.exe download microsoft
Query the directory using complex LDAP filters to locate specific users, groups, or computer objects.
Finding objects that are protected or hidden from standard GUI tools. Summary Table Description Tool Name LDP.exe (LDAP Client) Source Included in RSAT (Remote Server Administration Tools) OS Windows Server, Windows 10/11 File Location C:\Windows\System32\ldp.exe Purpose LDAP queries, Directory modification, Troubleshooting Alternatives to LDP.exe While ldp.exe is powerful, others prefer these tools: AdsiEdit.msc: Good for quick object editing. PowerShell: Using Get-ADUser or Get-ADObject .
Ldp.exe is an invaluable tool for Active Directory administrators—but only when obtained directly from Microsoft via your existing Windows installation or RSAT. If you ever see a prompt to “download ldp.exe” from an unfamiliar source, treat it as a potential cyberattack. Before the AD Recycle Bin, LDP was the
Unlike standard administrative consoles, LDP.exe does not have safety rails. Accidentally deleting or modifying critical system attributes can corrupt objects or disrupt domain operations. Always verify your target distinguished name (DN) before executing write commands.
If you believe you installed RSAT but still cannot run ldp.exe , here is what to check:
Then restart your computer and try ldp.exe again. LDAP, the Lightweight Directory Access Protocol, is the
If you are an IT administrator or a security engineer troubleshooting Active Directory, you have likely encountered references to (LDAP Debugging Tool). This lightweight utility allows you to perform Lightweight Directory Access Protocol (LDAP) operations—such as search, add, modify, and delete—against any LDAP server, including Microsoft Active Directory.
Or via PowerShell (as admin):
Navigate to > Optional features (or System > Optional features depending on your Windows version). Click Add a feature (or View features ). Type RSAT in the search bar.
on its official Download Center or Microsoft Store. Instead, it is included as part of the Windows operating system and the Remote Server Administration Tools (RSAT).