title: Searching Active Directory with ldapsearch link: https://onemoretech.wordpress.com/2008/01/30/searching-active-directory-with-ldapsearch/ author: lembobro description: post_id: 565 created: 2008/01/30 19:57:41 created_gmt: 2008/01/30 19:57:41 comment_status: open post_name: searching-active-directory-with-ldapsearch status: publish post_type: post

Searching Active Directory with ldapsearch

If you think there isn’t a trick to this, that means you’ve never tried it — leastways not on an Active Directory container that has more than 1,000 objects in it (or whatever the search limit has been set to in your environment).

Welcome to the wonderful world of the Simple Paged Results Control, highlighted elsewhere on this blog in relation to AD searches using Perl.

Here’s the magic syntax (using the OpenLDAP version of ldapsearch):

`

ldapsearch -x -LLL -E pr=200/noprompt -h [AD Host] -D
[AD User] -w [AD Pass] -b [Base DN] -s sub "([LDAP Filter])" [attr list]

`

So, for example:

ldapsearch -x -LLL -E pr=200/noprompt -h testad.example.com
-D "[email protected]" -w 123456 -b "cn=users,
dc=testdomain, dc=example,dc=com" -s sub "(cn=*)" cn mail sn

`

So much for ease of use and Microsoft Products.

Copyright 2004-2019 Phil Lembo