You can use ldapsearch to see the properties of user and computer objects in Active Directory.
ldapsearch -LLL -x -D username -w password -h DCNAME -b dc=contoso,dc=local "(anr=Yamada)"
However, the raw output has the following problems and is hard to read.
- Attribute values that contain double-byte characters are displayed as Base64-encoded strings
- Dates and times are displayed as 18-digit numbers
- Unnecessary attributes such as userCertificate are also displayed
I wrote a filter to solve these problems. I think it would be convenient to call it with a shell script like this.
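dc=dccomputername
user=ldapuser
pass=ldapuserpassword
base="dc=contoso,dc=local"
disp="cn displayName company telephoneNumber physicalDeliveryOfficeName description title mail sAMAccountName"
# -x is a simple bind: add -ZZ (StartTLS) so the password is not sent in cleartext.
# -w exposes the password in the process list; -y FILE reads it from a file instead.
# $1 goes into the filter unescaped, so characters such as * ( ) \ change the search.
# $disp is left unquoted on purpose so that it splits into separate attribute names.
ldapsearch -LLL -x -D "$user" -w "$pass" -h "$dc" -b "$base" "(anr=$1)" $disp | adfilter.py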
adfilter.py
#!/usr/bin/env python3
# coding: utf-8
import base64
import datetime
import re
import sys

input_file = sys.stdin.read()

# Concatenate Base64 lines: LDIF wraps long values onto continuation
# lines that start with a single space
f = re.sub(r'\n ', '', input_file)
lines = f.split('\n')

# Records not to display
ignore_record = ('^objectGUID', '^objectSid', '^userParameters', '^logonHours',
                 '^userCertificate', '^mSMQSignCertificates', '^mSMQDigests')
re_ignore_record = re.compile(r'\b(' + '|'.join(ignore_record) + r')\b')

# Active Directory date/time records
ad_date_value = (
    '^badPasswordTime', '^lastLogon', '^pwdLastSet', '^lastLogonTimestamp', '^accountExpires'
)
re_ad_date_value = re.compile(r'\b(' + '|'.join(ad_date_value) + r')\b')

for line in lines:
    if line and re_ignore_record.search(line):
        # Skip attributes that should not be displayed
        pass
    elif re.match(r'[\w;.-]+:: ', line):
        # Decode Base64 ("attribute:: value" marks a Base64-encoded value)
        try:
            japanese = line.split(":: ", 1)
            b64_string = japanese[1]
            decoded_string = base64.b64decode(b64_string).decode('utf-8')
            print('%s:: %s' % (japanese[0], decoded_string))
        except ValueError:
            # Not valid Base64 or not UTF-8 text: show the line unchanged
            print(line)
    elif line and re_ad_date_value.search(line):
        try:
            ldap_attributes = line.split(": ", 1)
            ldap_adtime = int(ldap_attributes[1])
            # 100-nanosecond ticks since 1601-01-01 -> seconds since 1970-01-01
            ldap_unixtime = (ldap_adtime // 10000000) - 11644473600
            d = datetime.datetime.fromtimestamp(ldap_unixtime)
            ldap_datetime = d.strftime("%Y-%m-%d %H:%M:%S")
            print('%s: %s' % (ldap_attributes[0], ldap_datetime))
        except (IndexError, ValueError, OverflowError, OSError):
            # Not a convertible timestamp: show the line unchanged
            print(line)
    else:
        print(line)
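
Two cases that the conversions in adfilter.py do not single out are the sentinel timestamp values (0 and 9223372036854775807) and decoded Base64 values that contain line breaks or control characters. The following is an added example, not part of the original script; the function names and the "never" / "not set" labels are assumptions chosen for illustration.

```python
import base64
import datetime
import unicodedata

# Assumptions for this added example: helper names and the returned labels
# are illustrative, not taken from adfilter.py.
EPOCH_1601 = datetime.datetime(1601, 1, 1, tzinfo=datetime.timezone.utc)
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires sentinels


def filetime_to_text(attr, raw):
    """Render an 18-digit AD timestamp (100 ns ticks since 1601-01-01 UTC)."""
    ticks = int(raw)
    if attr == "accountExpires" and ticks in NEVER_EXPIRES:
        return "never"
    if ticks == 0:
        return "not set"        # e.g. lastLogon of an account never used
    try:
        when = EPOCH_1601 + datetime.timedelta(microseconds=ticks // 10)
    except OverflowError:       # value beyond year 9999: show it unchanged
        return raw
    return when.strftime("%Y-%m-%d %H:%M:%S UTC")


def decode_ldif_value(b64):
    """Decode a Base64 ('::') value; return None when it is not UTF-8 text."""
    try:
        text = base64.b64decode(b64, validate=True).decode("utf-8")
    except ValueError:          # malformed Base64 or a binary attribute
        return None
    # Values holding CR/LF or control bytes are Base64-encoded too. Escape
    # control and format characters so a directory value cannot add fake
    # lines to the output or send escape sequences to the terminal.
    return "".join(
        ch.encode("unicode_escape").decode("ascii")
        if unicodedata.category(ch).startswith("C") else ch
        for ch in text
    )
```

The timestamps are rendered in UTC rather than local time, so the output does not depend on the time zone of the machine running the filter.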