I hate Microsoft crap. Most of you probably already know that.

Every time I need to do an LDAP bind against AD, I end up banging my head against the wall for at least 10 minutes. Granted, I’m not much of a MS guy, or even an LDAP guru, but it seems to me that Microsoft might make it a bit easier to view the LDAP schema. Most external authentication services/tools that have to bind to AD need to know what the base DN is. Guess how many Windows admins I’ve run across that can answer that question? Try none.

In order to view the schema, you’re forced to use a couple of tools from the Support CD, ldp.exe and/or adsiedit.msc. Guess how many Windows admins have these tools installed? Try none.

You may be able to use the built-in Active Directory tools to find this information, but I don’t think so. I’ve looked several times.

This post will serve two purposes. The first was to bitch about MS and/or Windows. I honestly don’t understand why people subject themselves to such madness. Moving on…

The second purpose is to document, once and for all, the command I need to search an LDAP schema from my Linux laptop. Rather than Google it, I’ll be able to refer here when I need to do this again.

ldapsearch -x -b dc=domain,dc=tld -D cn=Administrator,cn=Users,dc=domain,dc=tld -h x.x.x.x -W

Of course, the command needs to be tweaked to the AD environment in question.
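Since the base DN is the part people get stuck on, here is an added example (not from the original post) of the two ways to get it without asking a Windows admin: derive it from the DNS domain name, or read it from the domain controller's rootDSE, which publishes it as defaultNamingContext and is readable without credentials. The last function rebuilds the post's ldapsearch bind with -H ldaps:// in place of the deprecated -h host flag. The domain corp.example.com, the host dc01.corp.example.com, the Administrator account and the rootDSE output are all constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post: helpers for finding the AD
# base DN and assembling the ldapsearch bind. Domain, host and account names
# are constructed placeholders; adjust them to the environment in question.

# Turn a DNS domain name into the matching AD base DN:
#   corp.example.com -> dc=corp,dc=example,dc=com
domain_to_basedn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
        printf "\n"
    }'
}

# The rootDSE of a domain controller is readable with an anonymous bind and
# publishes the base DN as defaultNamingContext. This only runs when called
# explicitly, since it needs a reachable DC (argument: host or IP).
rootdse_query() {
    ldapsearch -x -LLL -H "ldap://$1" -s base -b '' defaultNamingContext
}

# Pull defaultNamingContext out of rootDSE output (LDIF on stdin).
basedn_from_rootdse() {
    awk -F': ' '$1 == "defaultNamingContext" { print $2; exit }'
}

# Assemble the authenticated search from the post. -H ldaps:// replaces the
# deprecated -h host flag (and wraps the simple bind in TLS); -W keeps the
# password out of the command line and shell history.
build_search_cmd() {
    domain=$1; host=$2; user=$3
    base=$(domain_to_basedn "$domain")
    printf 'ldapsearch -x -H ldaps://%s -D cn=%s,cn=Users,%s -b %s -W\n' \
        "$host" "$user" "$base" "$base"
}

# Constructed rootDSE output, shaped like what a DC returns.
SAMPLE_ROOTDSE='dn:
defaultNamingContext: DC=corp,DC=example,DC=com
supportedLDAPVersion: 3'

printf 'base DN from rootDSE: %s\n' "$(printf '%s\n' "$SAMPLE_ROOTDSE" | basedn_from_rootdse)"
printf 'base DN from domain:  %s\n' "$(domain_to_basedn corp.example.com)"
build_search_cmd corp.example.com dc01.corp.example.com Administrator
```

The ldaps:// form assumes the client trusts the DC's certificate (TLS_CACERT in ldap.conf, or the system trust store); if it does not, the bind fails before any password is sent, which is the right failure mode for a simple bind that carries a domain admin password.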

You may be wondering why I hadn’t just documented this here before. Because I’m an idiot, that’s why!

UPDATE: I found a win32 command to display user DNs:

dsquery user dc=domain,dc=tld

One Response to “ldapsearch against Active Directory”
  1. Guess you never asked me Dave. I know how to figure out a base DN.
