ldapsearch Active Directory

June 17, 2022 by Mister PKI

The purpose of this article is to demonstrate how to use ldapsearch with Active Directory. Microsoft’s Active Directory is an LDAP implementation running on domain services in a Microsoft environment.

This article is geared towards directory administrators who come from a Linux environment using OpenLDAP and now work in a Microsoft environment using Active Directory, or AD for short. While we do not claim that ldapsearch is the better tool to use, we do claim that sometimes it is easiest to use the tools you already have experience with. You have landed here for a reason, and that is to learn how to use the ldapsearch tool, commonly used with OpenLDAP, with Active Directory.

You may also work in a mixed environment of both Linux and Windows, but your directory services are Active Directory and not OpenLDAP. In that case, you can still follow along to learn how to use ldapsearch from a Linux host to Active Directory.

Install ldapsearch on Windows

If you are a Linux engineer working in a Windows environment we recommend going ahead and installing WSL2 on your Windows machine. These instructions will assume you are working in WSL2. The WSL2 version we are using is Ubuntu, so Ubuntu users can follow along with these instructions as well.

Open a terminal and then run the following command to install ldap-utils:

sudo apt install ldap-utils

Now that ldap-utils is installed, you can use the ldapsearch command to query Active Directory.

ldapsearch examples Active Directory

Query an account

ldapsearch -H ldap://example.com -x -W -D "testuser@example.com" -b "dc=example,dc=com" "(sAMAccountName=testuser)" "attr1" "attr2"

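The above command searches for the account matched by the filter and displays the requested attributes. Here -D is given in user@domain (userPrincipalName) form, which Active Directory accepts in place of a full DN. Note that -x over ldap:// sends the bind password unencrypted; use an ldaps:// URL or add -ZZ (StartTLS) when the domain controller supports it.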

Options

Option  Description
-H      The Active Directory host
-x      Use simple authentication with a username and password instead of SASL
-W      Prompt for password
-D      The DN of the user you are authenticating with
-b      The base DN of where you want to start your search

After all of the options are provided you must give a filter to narrow down your results. In this case, "(sAMAccountName=testuser)" is the filter. The filter is followed by the specific attributes you wish to display.
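An added example, not from the original article: shell helpers that build the filter above from a variable with RFC 4515 escaping, so the value cannot change the filter, and that read attributes back out of the LDIF output. The function names, the ldaps:// URL, -LLL and -o ldif-wrap=no are choices of this example, and the sample output is constructed.

```bash
# Added example (not from the original article); function names are hypothetical.

# Escape a value for an LDAP search filter (RFC 4515) so input such as "*" or
# "x)(objectClass=*" stays a literal value instead of changing the filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build the article's filter for one account name.
sam_filter() {
    printf '(sAMAccountName=%s)' "$(ldap_escape "$1")"
}

# Print the value(s) of one attribute from unwrapped LDIF on stdin.
# "attr: value" is plain text; "attr:: value" is base64 and is decoded.
ldif_attr() {
    local want="$1" line
    while IFS= read -r line; do
        case $line in
            "${want}:: "*) printf '%s' "${line#*:: }" | base64 -d; echo ;;
            "${want}: "*)  printf '%s\n' "${line#*: }" ;;
        esac
    done
}

# Same query as the article, with three changes (assumptions of this example):
# ldaps:// instead of ldap:// so the simple-bind password is encrypted in
# transit, -LLL for bare LDIF, and -o ldif-wrap=no so long values are not folded.
ad_lookup() {
    local host="$1" bind="$2" base="$3" account="$4"
    shift 4
    ldapsearch -LLL -o ldif-wrap=no -H "ldaps://$host" -x -W -D "$bind" \
        -b "$base" "$(sam_filter "$account")" "$@"
}

# Usage: ad_lookup example.com testuser@example.com "dc=example,dc=com" \
#            "$account" mail | ldif_attr mail

# Constructed sample of ldapsearch LDIF output (not real directory data).
SAMPLE_LDIF='dn: CN=Test User,OU=Staff,DC=example,DC=com
sAMAccountName: testuser
description:: SsO8cmdlbiBUZXN0
mail: testuser@example.com'
```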

Compare this to the PowerShell command to get an AD (Active Directory) user.

Get-ADUser -identity testuser -Properties * | select attr1, attr2

It really comes down to which tool you are more comfortable with, ldapsearch or PowerShell.

Conclusion

This article has demonstrated how to use ldapsearch with Active Directory. Let us know in the comments if you have any questions or would like to see more examples and more depth on the ldapsearch tool.
