Re: ldapsearch of Active Directory?
"Vsevolod (Simon) Ilyushchenko" wrote:
> Hi all (and privet to Andrew),
> Thanks a lot for the answers!
> What are the bind dn and the administrator password called in the
> Microsoft world? (That is, what are the words I have to say to the
> Windows admin? :)
It depends. Is it a test AD environment or a production one? I don't think
M$ admin would be too happy to give you the admin password for your production
If it's a test, then the admin dn is usually CN=Administrator,CN=Users,DC=<your
Also, try using MMC and explore your tree. At this point my frustration with AD
involves its user naming scheme. It insists on the CN attribute as a user RDN,
I don't think this would work well in an enterprise environment with hundreds of
with identical names.
How are other people coping with that?
> I have tried using the "managedBy" DN from the root node as the bind DN.
> (It was our Windows admin's account.) I got this:
> ---cut here
> version: 2
> # filter: (objectclass=*)
> # requesting: ALL
> # search result
> search: 2
> result: 1 Operations error
> text: 000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0
> # numResponses: 1
> ---cut here
> This is not a simple "invalid password" error, as I tried a bad password
> and got a different "Invalid credentials" error.
> Andrew Petrov wrote:
> > Hi,
> > I tried a similar search, but used the administrator account as bind dn.
> > I got a lot more data, but not all the attributes (such as passwords).
> > Anyone tried to use Net::LDAP for this?
> > Thanks,
> > - Andrew.
> > "Vsevolod (Simon) Ilyushchenko" wrote:
> >>I am trying to access AD using ldapsearch like this:
> >>ldapsearch -x -h server -b "dc=our-domain,dc=com"
> >>Instead of the expected list of all users I get a whopping 17 entries:
> >>The first one is what I presume to be the root node, with managedBy,
> >>masteredBy etc attributes, and the rest describe root DNS servers. And
> >>then there is a reference to a CN=Configuration entry.
> >>A similar search run on an OpenLDAP server produces the complete dump.
> >>Does anyone have an idea of how to do a similar dump of AD? Or do I have
> >>to bind in order to do it?
> >>Simon (Vsevolod ILyushchenko) firstname.lastname@example.org
> >> http://www.simonf.com
> >>"Large software projects are like werewolves because
> >>they transform unexpectedly from the familiar into horrors."
> >> Fred Brooks
> > --
> > email@example.com (718) 403-2854
> > "Nothing is impossible, it's just a matter of time and money."
> Simon (Vsevolod ILyushchenko) firstname.lastname@example.org
> "Large software projects are like werewolves because
> they transform unexpectedly from the familiar into horrors."
> Fred Brooks
email@example.com (718) 403-2854
"Nothing is impossible, it's just a matter of time and money."