How can I list the Active Directory user attributes from a Linux computer? The Linux computer is already joined to the domain. I can use 'getent' to get the user and group information, but it does not display the complete Active Directory user attributes.
4 Answers
25
You can use ldapsearch to query an AD Server. For example, the following query will display all attributes of all the users in the domain:
ldapsearch -x -h adserver.domain.int -D "user@domain.int" -W -b "cn=users,dc=domain,dc=int"
Command options explained:
- -x use simple authentication (as opposed to SASL)
- -h your AD server
- -D the DN to bind to the directory. In other words, the user you are authenticating with.
- -W Prompt for the password. The password should match what is in your directory for the binddn (-D). Mutually exclusive from -w.
- -b The starting point for the search
Diamond
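A narrower form of the ldapsearch query in the answer above, as an added example that is not part of the original answer: it looks up a single user over LDAPS, so the simple bind password is not sent in clear text, and escapes the name before placing it in the search filter. The function names, the AD_SERVER, BIND_USER and SEARCH_BASE variables and the use of ldaps:// are assumptions; the host, bind user and search base are the answer's own placeholders.

```shell
#!/bin/sh
# Added example (not from the original answer): query one AD user's attributes.
# Placeholders reused from the answer; override them through the environment.
AD_SERVER=${AD_SERVER:-adserver.domain.int}
BIND_USER=${BIND_USER:-user@domain.int}
SEARCH_BASE=${SEARCH_BASE:-cn=users,dc=domain,dc=int}

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so the later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build a filter that matches exactly one account by its logon name.
user_filter() {
    printf '(&(objectClass=user)(sAMAccountName=%s))' "$(ldap_escape "$1")"
}

# Usage: ad_user_attrs LOGIN [ATTRIBUTE...]
# With no attribute names, ldapsearch returns all user attributes.
ad_user_attrs() {
    login=$1
    shift
    # -x -D -W : simple bind with a password prompt, as in the answer
    # -H ldaps : TLS-protected connection instead of plain -h
    # -LLL     : plain LDIF without comments or version line
    # -o ldif-wrap=no : keep long values such as memberOf on one line
    ldapsearch -x -H "ldaps://$AD_SERVER" -D "$BIND_USER" -W \
        -b "$SEARCH_BASE" -s sub -LLL -o ldif-wrap=no \
        "$(user_filter "$login")" "$@"
}

# Example call (prompts for the bind password):
#   ad_user_attrs s_dhan memberOf mail
```
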
4
A much simpler command is
id myuser@MYDOMAIN
For this command to work, your machine must have already joined the domain; you can verify that via
realm list
dr_
1
If the OS is integrated with Active Directory, then simply running the "id" command should be sufficient to list the AD groups assigned to the user.
Commands like id/gid will give results just the way they do when the OS is not integrated with AD.
Please find the sample below:
[oracle@wlsserver1~]$ id s_dhan
uid=1356186729(s_dhan) gid=1356000513(domain users) groups=1356000513(domain users),1356162912(linux-skl-prod-login),1356177219(linux-tom-dv-login),....