Active Directory – Listing User Attributes from a Linux Computer

active-directoryattributeslinux

How can I list the Active directory user attributes from a Linux computer?
The Linux computer is already joined to the domain. I can use 'getent' to get the user and group information, but it does not display the complete active directory user attributes.

Best Answer

You can use ldapsearch to query an AD Server. For example, the following query will displya all attributes of all the users in the domain:

ldapsearch   -x -h adserver.domain.int -D "user@domain.int" -W -b "cn=users,dc=domain,dc=int"

Command options explained:

-x use simple authentication (as opposed to SASL)
-h your AD server
-D the DN to bind to the directory. In other words, the user you are authenticating with.
-W Prompt for the password. The password should match what is in your directory for the the binddn (-D). Mutually exclusive from -w.
-b The starting point for the search

More info: http://www.openldap.org/software/man.cgi?query=ldapsearch&apropos=0&sektion=0&manpath=OpenLDAP+2.0-Release&format=html

Related Solutions

Windows Active Directory – Command Line to List Users in a Group

try

dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members

Ldap – Active Directory, Linux, and User Private Groups

I also ran into the same problem. After reading a lot of docs I came up with the following "solution":

To workaround the name clashes I renamed User Private Groups by adding a "g" character at the beginning. For example: User=erik, Group=erik. Now on active directory I named the group "gerik". This way I can continue concentrating on AD migration without thinking about the User Private Groups problem right now.
Slowly stop using User Private Groups as this does not seem to be the way to go - at least when using Active directory. This can be done by creating a new group like "unixgrp" or using "Domain Users", but I do not like "Domain Users" because that name is so long when displaying files with "ls".
be careful when migration from User Private Groups to a common group like "unixgrp". Do not just change the group of all files to "unixgrp". If for example a user has group write permissions on a file owned by his user private group and you change the group to "unixgrp", then all users in "unixgrp" will also have write access to that file. So some kind of script has to modify permissions the right way... have fun with that!

I admit that the only real solution whould be to somehow support User Private Groups when using active directory. But I do not know how...

Best Answer

Related Solutions

Windows Active Directory – Command Line to List Users in a Group

Ldap – Active Directory, Linux, and User Private Groups

Related Topic