Useful LDAP Queries Against any Directory Service

Hello there,

I want to share with you some useful LDAP queries that work against any directory service, using the ldapsearch utility. The examples listed below were run against an Active Directory domain controller's Global Catalog (port 3268).

1. Get Specific Attributes from your Search Filter

ldapsearch -LLL -H ldap://x.x.x.x:3268/ -x -D "" -w 123456 -b "dc=com" -s sub "(&(objectClass=user)(sAMAccountName=sghaida))" dn cn title sAMAccountName userPrincipalName mail

2. Search users by mail, excluding any object that inherits the contact objectClass

ldapsearch -L -b "dc=com" -D "" -x -w 123456 -h x.x.x.x -p 3268 "(&(!(objectClass=contact))(objectClass=user)(mail=$1))"

3. Search users by sAMAccountName, taking into account that from Active Directory's point of view machine accounts are also users; we exclude them by rejecting any object that inherits the computer objectClass

ldapsearch -L -b "dc=com" -D "" -x -w 123456 -h x.x.x.x -p 3268 "(&(!(objectClass=computer))(objectClass=user)(sAMAccountName=$1))"

4. Get the email addresses for a specific UPN

# Collect every "mail:" value returned for the UPN passed as $1, then print the UPN and its addresses.
email=$(ldapsearch -b "dc=com" -D "DOMAIN\\test" -x -w 123456 -h x.x.x.x -p 3268 "(userPrincipalName=$1)" |
    grep '^mail:' | awk '{printf $2" "}')
echo -e " $1 $email "
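The queries above splice the caller-supplied value ($1) straight into the filter, so a value containing filter metacharacters changes what the search matches. The script below is an added example, not part of the original post: it escapes the value per RFC 4515, combines the contact and computer exclusions of examples 2 and 3 into one filter, and reads the bind password from a file instead of the command line. LDAP_HOST, LDAP_BINDDN and LDAP_PWFILE are assumed environment variables.

```shell
#!/bin/sh
# Added example: wraps the Global Catalog queries from this post so that the
# caller-supplied value is escaped before it is spliced into the filter.
# Assumed environment: LDAP_HOST (Global Catalog host), LDAP_BINDDN and
# LDAP_PWFILE (file holding the bind password, kept off the command line).

ldap_filter_escape() {
    # Escape the RFC 4515 filter metacharacters in $1. Backslash goes first so
    # the escapes added afterwards are not themselves re-escaped. (NUL cannot
    # occur in a shell string, so it needs no handling here.)
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

user_filter() {
    # Build the user filter for attribute $1 = value $2, excluding both contact
    # objects (example 2) and computer accounts (example 3) in one filter.
    # The attribute name is restricted to LDAP attribute-name characters.
    case "$1" in
        *[!A-Za-z0-9-]*|'') printf 'user_filter: bad attribute name\n' >&2; return 1 ;;
    esac
    printf '(&(!(objectClass=contact))(!(objectClass=computer))(objectClass=user)(%s=%s))' \
        "$1" "$(ldap_filter_escape "$2")"
}

lookup_mail() {
    # Example 4 of the post, hardened: mail addresses for the UPN given in $1.
    ldapsearch -LLL -x -H "ldap://${LDAP_HOST}:3268/" -D "$LDAP_BINDDN" -y "$LDAP_PWFILE" \
        -b "dc=com" -s sub "$(user_filter userPrincipalName "$1")" mail |
        awk '/^mail:/ { printf "%s ", $2 }'
}

# Only run the query when invoked with a UPN argument; sourcing the file just
# defines the functions.
[ $# -eq 0 ] || printf ' %s %s\n' "$1" "$(lookup_mail "$1")"
```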

I hope this helped. I will update this post as new things come to mind.


One Response to Useful LDAP Queries Against any Directory Service

  1. BruceR says:

    Thanks that was useful, I think some extra characters have crept in there after the &
