Hello there,
I want to share with you some useful LDAP queries that can be run against any directory service using the ldapsearch utility.
The examples listed below were run against an Active Directory domain controller Global Catalog.
1. Get Specific Attributes from your Search Filter
ldapsearch -LLL -H ldap://x.x.x.x:3268/ -x -D "[email protected]" -w 123456 -b "dc=com" -s sub "(&(objectClass=user)(sAMAccountName=sghaida))" dn cn title sAMAccountName userPrincipalName mail
2. Search for a user by mail, excluding any object that inherits the contact objectClass
ldapsearch -L -b "dc=com" -D "[email protected]" -x -w 123456 -h 10.1.0.75 -p 3268 "(&(!(objectClass=contact))(objectClass=user)(mail=$1))"
3. Search for users by sAMAccountName. Machines are users from Active Directory's point of view, so we exclude any object that inherits the computer objectClass
ldapsearch -L -b "dc=com" -D "[email protected]" -x -w 123456 -h 10.1.0.75 -p 3268 "(&(!(objectClass=computer))(objectClass=user)(sAMAccountName=$1))"
4. Get the email addresses for a specific UPN
#!/bin/bash
# Look up the mail attribute(s) for the UPN passed as the first argument.
email=$(ldapsearch -b "dc=com" -D "DOMAIN\\test" -x -w 123456 -h x.x.x.x -p 3268 "(userPrincipalName=$1)" |
  grep '^mail:' | awk '{printf $2" "}')
echo -e " $1 $email "
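Queries 2 to 4 above place $1 directly inside the filter, so a value containing *, ( or ) changes what the filter matches. The following is an added example, not part of the original post: it escapes the value per RFC 4515 before building the filter from query 3, and reads the bind password from a file with ldapsearch's -y option instead of passing it with -w. The function names and the LDAP_URI, BIND_DN and BIND_PW_FILE variables are assumptions made for this example.

```bash
#!/bin/sh
# Added example: RFC 4515 escaping for values placed inside an LDAP filter.

# Escape the characters that have meaning in a filter string.
# Backslash is handled first so the backslashes added by the later
# substitutions are not escaped a second time.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build the filter from query 3 with the caller's value escaped.
user_filter_by_sam() {
    printf '(&(!(objectClass=computer))(objectClass=user)(sAMAccountName=%s))' \
        "$(ldap_escape_filter "$1")"
}

# Hypothetical wrapper: LDAP_URI, BIND_DN and BIND_PW_FILE are assumed to be
# set by the caller. -y reads the password from a file (no trailing newline),
# which keeps it out of the process list and shell history.
find_user_by_sam() {
    ldapsearch -LLL -H "${LDAP_URI:?set LDAP_URI}" -x \
        -D "${BIND_DN:?set BIND_DN}" -y "${BIND_PW_FILE:?set BIND_PW_FILE}" \
        -b "dc=com" -s sub "$(user_filter_by_sam "$1")" \
        dn cn sAMAccountName mail
}

# Constructed inputs: a normal name, a bare wildcard, and a value that tries
# to close the sAMAccountName term and append another one.
for value in 'sghaida' '*' 'x)(objectClass=*'; do
    printf '%-20s -> %s\n' "$value" "$(user_filter_by_sam "$value")"
done
```

After escaping, the wildcard and the parentheses are compared as literal characters, so the last two inputs match no account instead of widening the search.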
I hope this helps. I will update this document if anything new comes to mind.