How can I list the Active Directory user attributes from a linux computer?

Solution 1:

You can use ldapsearch to query an AD Server. For example, the following query will displya all attributes of all the users in the domain:

ldapsearch   -x -h adserver.domain.int -D "[email protected]" -W -b "cn=users,dc=domain,dc=int"

Command options explained:

-x use simple authentication (as opposed to SASL)
-h your AD server
-D the DN to bind to the directory. In other words, the user you are authenticating with.
-W Prompt for the password. The password should match what is in your directory for the the binddn (-D). Mutually exclusive from -w.
-b The starting point for the search

More info: http://www.openldap.org/software/man.cgi?query=ldapsearch&apropos=0&sektion=0&manpath=OpenLDAP+2.0-Release&format=html

Solution 2:

A much simpler command is

id myuser@MYDOMAIN

For this command to work, your machine must have already joined the domain; you can verify that via

realm list

Tags:

Linux

Active Directory

Attributes

Related