ldapsearch is one of the standard tools included with OpenLDAP to query LDAP directories. Because Active Directory is LDAP compliant, it can be queried as well!
First, a command. Fear not, it will be broken down into its components:

ldapsearch -Hldap://dc.domain.com -tt -x -D "email@example.com" -b "dc=domain,dc=com" -W -L "cn=computerobject"

Now to break it down:
-Hldap://dc.domain.com: This is the fully qualified name of a domain controller, with the ldap:// URL scheme preceding it. Note that it is not using SSL.
-tt: This option is not exposed in the manual page. It will write all values to a temporary directory. On OS X, it writes to /private/var/tmp.
-x: Simple authentication. It is not using SSL or any form of encryption to communicate the username and password.
-D "email@example.com": The account which should be used to bind. Because this query is being directed against Active Directory, the short form firstname.lastname@example.org can be used.
-b "dc=domain,dc=com": The base search path. Usually, the base search path is the top level of the domain being queried, i.e. dc=domain,dc=com if your Active Directory domain is domain.com.
-W: This prompts for the password, so that it does not need to be entered on the command line.
-L: Responses are printed in LDIFv1 format.
"cn=computerobject": The last item in the command is the filter for the object being queried. In this case, a computer object is being queried.
So what is returned?
Issuing the above command against my Active Directory returns the following files in
Any of the files can be parsed, returning useful information about the object in question.
What if querying AD using plaintext isn't what you would like? There are other options!
The -Q option can be added, and it will use SASL quiet mode. Usually, when using this option, it is best to get a Kerberos ticket from Active Directory with kinit first. Here's the general workflow:
ldapsearch -Hldap://domaincontroller.domain.com -b "dc=domain,dc=com" -Q -L cn=computerobjectname
A couple of notes about this command. Because of the -Q option, no password is required: the Kerberos ticket obtained with kinit is used to authenticate. This command will also return the results of the query at the command line, without storing the information in temporary files.
One last command. When joining a machine to Active Directory, retrieving the correct OU path to use is typically the most difficult part of the join. Here's a one-liner that will extract the complete OU path of any computer object in AD:
ldapsearch -Hldap://domaincontroller.domain.com -b "dc=domain,dc=com" -Q -LLL cn=computerobjectname dn | sed 's/dn: //; N; s/\n //'
When the output is sent through sed, this command returns a nicely formatted piece of text, including the computerobjectname. Note that LDIF folds long values onto continuation lines that begin with a single space; the `N; s/\n //` part joins exactly one such continuation line back onto the dn line.
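The sed one-liner above joins only one folded continuation line. The following added example (not code from the original post) generalizes it: it unfolds any number of LDIF continuation lines, extracts the dn, and strips the leading CN= component to leave the container path a join needs. The sample LDIF, the host and base DN names, and the function names are constructed for illustration; the `ad_computer_ou` wrapper assumes a Kerberos ticket from kinit, as in the -Q workflow above.

```sh
#!/bin/sh
# Constructed sample LDIF in the shape "ldapsearch -LLL ... dn" prints:
# the long dn value is folded onto a continuation line that starts with
# a single space.
SAMPLE_LDIF='dn: CN=LAB-WS01,OU=Workstations,OU=Lab,OU=Compute
 rs,DC=domain,DC=com
cn: LAB-WS01
'

# unfold_ldif: read LDIF on stdin and join folded continuation lines
# (lines beginning with one space) back onto the line they belong to.
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }  # continuation: drop the space, append
        { if (NR > 1) print buf; buf = $0 }     # new logical line: flush the previous one
        END { if (buf != "") print buf }
    '
}

# ldif_dn: print the unfolded dn value of the LDIF record read on stdin.
# Note: base64-encoded values ("dn:: ...") are not decoded here.
ldif_dn() {
    unfold_ldif | sed -n 's/^dn: //p'
}

# ou_path_from_dn: remove the leading CN=<name>, component of a DN so
# that only the OU/DC container path remains. Escaped commas inside the
# CN value ("\,") are not handled.
ou_path_from_dn() {
    printf '%s\n' "$1" | sed 's/^[Cc][Nn]=[^,]*,//'
}

# ad_computer_ou DC BASEDN COMPUTERNAME: query AD over SASL (-Q, requires a
# Kerberos ticket from kinit) and print the container path of the computer.
# Assumed wrapper around the post's command; not runnable without a DC.
ad_computer_ou() {
    ldapsearch -H "ldap://$1" -b "$2" -Q -LLL "cn=$3" dn \
        | ldif_dn \
        | while IFS= read -r dn; do ou_path_from_dn "$dn"; done
}
```

Run offline with the sample: `printf '%s' "$SAMPLE_LDIF" | ldif_dn` prints the unfolded DN, and `ou_path_from_dn` on that value prints OU=Workstations,OU=Lab,OU=Computers,DC=domain,DC=com.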