Reputation: 1041
Active Directory Searchable Filters
Is there a way to query a company's active directory server to get a list of searchable attributes?
I am a novice w.r.t. to AD but I do know that some common searchable attributes are:
- Common Name
- Distinguished Name
- Organizational Unit
But, some companies may choose not to use some of these fields and others may use fields that are not in the above list.
The problem I am trying to solve is to offer the customer a list of searchable attributes from their AD installation and allow them to specify search filters to narrow down the list of users or groups to choose from.
Upvotes: 0
Views: 271
Answers (1)
Reputation: 11046
Using LDAP you can get all possible attributes from the scubschema entry of the rootDSE.
You first need to query like:
ldapsearch -s base -b "" -D cn=Administrator,cn=users,dc=domain,dc=com -w 'password' -x -h 192.168.3.10 objectClass=* subschemasubentry
Which returns
dn: subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
Then a query like:
ldapsearch -s base -b "CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com" -D cn=Administrator,dc=domain,dc=com -w password -x -h 192.168.3.11 objectclass=subschema attributetypes
Will return ALL the attributes. This will be ALL the attributes weather or not they have values or not. -jim
Upvotes: 1
Related Questions
- DirectorySearcher Filter
- Active Directory LDAP Search Filter or operator syntax
- Invalid search Filter in Active Directory
- LDAP filter for searching students
- Active Directory - search by specifying a search filter and search controls and no context
- Active Directory search filter example
- current active directory search filter
- Active Directory Custom Search LDAP query
- Sub filters in LDAP query
- Active Directory search - filter by Manager