These use OpenLDAP ldapsearch v2.4.21 to query an Active Directory server. All of them use -x (simple bind), which sends the bind password in the clear unless the session is protected with TLS (e.g. -ZZ for StartTLS, or an ldaps:// URI given with -H in place of -h).
General command format:
imac:/Users/chrisl/ 1$ ldapsearch -LLL -x -h HOSTNAME -D USER@DOMAIN -W -b dc=vc,dc=example,dc=com "sAMAccountName=chrisl" mail
Simple username (sAMAccountName) to mail lookup:
imac:/Users/chrisl/ 2$ ldapsearch -LLL -x -h dc1.vc.example.com -D chrisl@vc.example.com -W -b dc=vc,dc=example,dc=com "sAMAccountName=chrisl" mail
Get all the users that have an email address defined:
imac:/Users/chrisl/ 2$ ldapsearch -LLL -x -h dc1.vc.example.com -D chrisl@vc.example.com -W -b dc=vc,dc=example,dc=com "(&(objectclass=user)(mail=*))" userPrincipalName
Query the Global Catalog of all domains:
imac:/Users/chrisl/ 3$ ldapsearch -LLL -x -h dc1.vc.example.com -p 3268 -D chrisl@vc.example.com -W -b '' "userPrincipalName=chrisl@vc.example.com" mail
List all the domains the Global Catalog knows about (this will also give you the NetBIOS name of the domain):
imac:/Users/chrisl/ 4$ ldapsearch -LLL -x -h dc1.vc.example.com -p 3268 -D chrisl@vc.example.com -W "(objectclass=domaindns)" dn name dc
Use paging to prevent "Size limit exceeded" errors:
imac:/Users/chrisl/ 5$ ldapsearch -LLL -x -h dc1.vc.example.com -D chrisl@vc.example.com -W -E pr=1000/noprompt -b dc=vc,dc=example,dc=com "(&(objectclass=user)(mail=*))"
Ask AD to recursively find all the groups a user is a member of, using the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941; can have poor performance on very large directories):
imac:/Users/chrisl/ 6$ ldapsearch -LLL -x -h dc1.vc.example.com -D chrisl@vc.example.com -W -b 'dc=vc,dc=example,dc=com' '(member:1.2.840.113556.1.4.1941:=CN=Chris Lloyd,OU=People,DC=vc,DC=example,DC=com)' cn
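An added example, not part of the original notes, that wraps the sAMAccountName lookup and the recursive group query in a small script: the username or DN is escaped per RFC 4515 before it is spliced into the filter, so a value containing `*`, `(`, `)` or `\` cannot change the meaning of the search, and the paging control from the notes is always sent. The host, bind DN and base DN are the placeholders from the notes above.

```shell
#!/bin/sh
# Added example (not from the original notes). Host, bind DN and base DN are
# assumed placeholders taken from the notes above.
set -e

LDAP_HOST="dc1.vc.example.com"
BIND_DN="chrisl@vc.example.com"
BASE_DN="dc=vc,dc=example,dc=com"

# Escape the characters that are special inside an LDAP filter assertion
# value (RFC 4515). Backslash is handled first so the escapes added for the
# other characters are not themselves escaped again.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Filter for the simple username (sAMAccountName) -> mail lookup.
samaccount_filter() {
    printf '(sAMAccountName=%s)' "$(ldap_filter_escape "$1")"
}

# Filter using AD's LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941)
# so the server expands nested group membership of the given user DN.
member_in_chain_filter() {
    printf '(member:1.2.840.113556.1.4.1941:=%s)' "$(ldap_filter_escape "$1")"
}

# Run a search with the paging control so large result sets do not hit the
# server's size limit. $1 is the filter, remaining args are attributes.
# -W prompts for the bind password instead of taking it on the command line.
ad_search() {
    _filter=$1
    shift
    ldapsearch -LLL -x -h "$LDAP_HOST" -D "$BIND_DN" -W \
        -E pr=1000/noprompt -b "$BASE_DN" "$_filter" "$@"
}

# Usage: ./adlookup.sh USERNAME   (looks up the mail attribute for USERNAME)
if [ "$#" -ge 1 ]; then
    ad_search "$(samaccount_filter "$1")" mail
fi
```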