Ldap Queries against microsoft Active directory


Pinoy Techie
Hello there,

I want to share with you some useful LDAP Quires against any directory services usingldapsearch utility.

examples listed below is being done against Active Directory Domain controller Global Catalog.

1. Get Specific Attributes from your Search Filter

ldapsearch -LLL -H ldap://x.x.x.x:3268/ -x -D "[email protected]" -w 123456 -b "dc=com" -s sub "(&(objectClass=user)(sAMAccountName=sghaida))" dn cn title sAMAccountName userPrincipalName mail

2. Search user by mail and eliminate contact any object which inherited Contact objectClass

ldapsearch -L -b "dc=com" -D "[email protected]" -x -w 123456 -h -p 3268 "(&(!(objectClass=contact))(objectClass=user)(mail=$1))"

3. Search users by sAMAccountName taking into consideration that machines are users from Active directory point of view so we will eliminate that by not including any object inheres computer objectClass

ldapsearch -L -b "dc=com" -D "[email protected]" -x -w 123456 -h -p 3268 "(&(!(objectClass=computer))(objectClass=user)(sAMAccountName=$1))"

4. get the email Addresses for Specific UPN

#!/bin/bash email=`ldapsearch -b "dc=com" -D "DOMAIN\\test" -x -w 123456 -h x.x.x.x -p 3268 "(userPrincipalName=$1)"|\ grep ^mail: | awk '{printf $2" "}'` echo -e " $1 $email "

I hope that it helped. I will update this document if any new things came across my mind.
Top Bottom