Starting from Win2000. Microsoft abandoned NT domains and used active folders to manage Windows domains. The active folder is Microsoft's folder service based on the LDAP protocol. It is assumed that the 389port of the active folder will be opened by scanning the scanner. And Microsoft has made some changes to the agreement, albeit without permission. In the replication and so on. The other parts are basically compatible with other products. So the Ldapsearch tool is able to search for records in the ad. In fact, the largest customer of ad is Microsoft itself. Therefore, the DC is the official name in the Server Configuration Wizard. Ad the name is instead secondary. Once configured, there is a robust folder tree structure. The user of the ad is objectclass, the default user record is under users, and the users objectclass is container. The DN of an ad user might be "cn=username,cn=users,dc= Domain-suffix ". The AD default security policy does not agree with an "empty" binding (a series of binding functions that have a null DN such as bind (""). Therefore, you must have a legally authenticated binding:
Ldapsearch-x-w-d "Cn=username,cn=users,dc=domain-suffix"-B "BaseDN"-H host
or a
LDAP Search-x-W cred-d "Cn=username,cn=users,dc=domain-suffix"-B "BaseDN"-H host
The smiple_bind* () in the corresponding API.-W/-W indicates that the DN of "bound DN"-B "Start search" is required to password-d the IP or domain name of the host.
Example: I have an experimental host in school Troy is configured as the "osdn.zzti.edu.cn" primary domain controller. If I run Ldapsearch on my laptop with fedora installed, the commands are as follows:
Ldapsearch-x-w-d "CN=ADMINISTRATOR,CN=USERS,DC=OSDN,DC=ZZTI,DC=EDU,DC=CN"-B "cn=administrator,cn=users,dc=osdn, DC=ZZTI,DC=EDU,DC=CN "-H troy.osdn.zzti.edu.cn
This returns the user administrator information back:
# extended LDIF
#
# LDAPv3
# base <cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn>; With Scope Sub
# Filter: (objectclass=*)
# Requesting:all
#
# Administrator, Users, osdn.zzti.edu.cn
Dn:cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn
Objectclass:top
Objectclass:person
Objectclass:organizationalperson
Objectclass:user
Cn:administrator
Description:: 566h55cg6k6h566x5py6kowfnynnmotlhoxnva7lujdmilc=
Distinguishedname:cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn
Instancetype:4
whencreated:20040820145628.0z
whenchanged:20040820151744.0z
usncreated:8194
Memberof:cn=group Policy Creator OWNERS,CN=USERS,DC=OSDN,DC=ZZTI,DC=EDU,DC=CN
Memberof:cn=domain ADMINS,CN=USERS,DC=OSDN,DC=ZZTI,DC=EDU,DC=CN
Memberof:cn=enterprise ADMINS,CN=USERS,DC=OSDN,DC=ZZTI,DC=EDU,DC=CN
Memberof:cn=schema ADMINS,CN=USERS,DC=OSDN,DC=ZZTI,DC=EDU,DC=CN
Memberof:cn=administrators,cn=builtin,dc=osdn,dc=zzti,dc=edu,dc=cn
usnchanged:13895
Name:administrator
ObjectGUID:: z44srinf40sgbgqson8rta==
useraccountcontrol:66048
badpwdcount:0
codepage:0
countrycode:0
badpasswordtime:127375629853437500
lastlogoff:0
lastlogon:127375630164843750
pwdlastset:127374851807500000
primarygroupid:513
ObjectSid:: aquaaaaaaauvaaaafa5hvz/nvf7r0u429aeaaa==
Admincount:1
accountexpires:9223372036854775807
Logoncount:17
Samaccountname:administrator
samaccounttype:805306368
Objectcategory:cn=person,cn=schema,cn=configuration,dc=osdn,dc=zzti,dc=edu,dc
=cn
Iscriticalsystemobject:true
# Search Result
Search:2
result:0 Success
# Numresponses:2
# numentries:1
You'd better try starting with "Dc=domain-suffix". This gives you access to the entire active folder structure.
This can be used to analyze the folder structure of the active folder. Then learn from your own folder. It is usually very difficult to find the object of imitation learning. This can be used to remove the active folder. He le?
How to query the contents of the active folder through Ldapsearch under Linux