Run the Database Update Script

You can run the LDBUpdate script from the command-line or from the BeyondTrust Management Console.

The LDBUpdate script is a batch program for Windows that reads information from Active Directory and writes it to the AD Bridge Enterprise database so you can generate reports about computers and users in Active Directory. You can run the update script on demand from the BeyondTrust Management Console, or you can set it up as a scheduled task.

If the information in Active Directory has changed since you last ran the script and if you want those changes included in your reports, run the script before you generate your reports.

To access Active Directory, the LDBUpdate script uses the LDAP and RPC ports.

The Update DB button will only be enabled if the update utility is available on the current machine. The AD Bridge Enterprise installer allows you to select whether the utility is installed on a machine.

Ensure the following is in place before you run the script:

  • To run the utility, the current user must have privileges to read and write to any table in the Enterprise database.
  • The Windows administrative workstation where you run the script must be connected to Active Directory.
  • The user account that runs the script must have at least read permission for objects and child objects in Active Directory.

To run LDBUpdate from the console:

  1. In the BeyondTrust Management Console, on the File menu, click Add/Remove Plug-in.
  2. Click Add.
  3. Click Audit and Access Reporting, and then click Add.
  4. Click Close, and then click OK.
  5. An image of the Audit and Access Reporting > Advanced option in the BeyondTrust Management Console.

  6. In the console tree, click the Audit and Access Reporting node and then click Advanced.

An image of the Update DB option on the Advanced Reporting Options: Database Configuration screen.

  1. Click Update DB, and then click Run.


  1. Click Close.

Run the Database Update Script from the Command Line

To view the command-line options for LDBUpdate, run the following command:

C:\Program Files\BeyondTrust\PBIS\Enterprise>ldbupdate.exe /? Usage:  LDBUpdate OPTIONS
Where OPTIONS include:
-f LDAPPATH Path of the forest to synchronize; required
-d FQDN Domain (in forest or in trusts) to process; can repeat
-o FILE Send output to FILE
-p PROVIDER Use PROVIDER as the database type(default: System.Data.SqlClient)
-c STRING Use STRING as the database connection parameter
-nogpo Don't analyze GPOs (faster)
-v Display verbose output
--force Ignore the database status and perform update even if marked as busy
--debug Display debug level output
--transaction Perform all database operations under a single transaction.
Allow interactions to the database with reporting tools while
update is performed in the background.
--class STRING Identify the objects to update, leaving others as is from a
previous update.(Examples: Users, Groups, GPOLinks, GPOs, Computers).
Can be repeated to identify several class types
LDBUpdate --class Users --class Groups -f <domain>...
--help Displays this usage information
If the -d option is not specified, all the domains in the forest and inany trusted forests will be processed.

Here is an example of how to use the command-line utility to set the provider and the connection string for a SQL Server database:

ldbupdate.exe -f dc=example,dc=com -p System.Data.SqlClient -c "Data Source=RVLN-BUILD; Initial Catalog=LikewiseEnterprise; Integrated Security=True" --force