Searching Active Directory with ldapsearch

If you think there isn’t a trick to this, that means you’ve never tried it — leastways not on an Active Directory container that has more than 1,000 objects in it (or whatever the search limit has been set to in your environment).

Welcome to the wonderful world of the Simple Paged Results Control, highlighted elsewhere on this blog in relation to AD searches using Perl.

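Here’s the magic syntax (using the OpenLDAP version of ldapsearch). The -E pr=200/noprompt extension is what requests the Simple Paged Results Control, with a page size of 200 and no prompt between pages: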

ldapsearch -x -LLL -E pr=200/noprompt -h [AD Host] -D [AD User] \
    -w [AD Pass] -b [Base DN] -s sub "([LDAP Filter])" [attr list]

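So, for example (with -x and -h this is a simple bind over plain LDAP, so the password travels unencrypted; -W prompts for it instead of taking it on the command line):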


ldapsearch -x -LLL -E pr=200/noprompt -h testad.example.com \
    -D "myuser@testdomain.example.com" -w 123456 \
    -b "cn=users,dc=testdomain,dc=example,dc=com" -s sub "(cn=*)" cn mail sn
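
What -E pr=200 puts on the wire, as an added Python example (not from the original post): the RFC 2696 control value (OID 1.2.840.113556.1.4.319) is a BER SEQUENCE of a page size and an opaque cookie, and the client repeats the search with the server's cookie until it comes back empty. The mock_server function and its offset-style cookie are constructed stand-ins for a real directory server.

```python
def _tlv(tag, payload):
    n = len(payload)
    if n < 0x80:  # short-form length fits in one octet
        return bytes([tag, n]) + payload
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(raw)]) + raw + payload

def _read_tlv(buf, pos):
    """Return (tag, payload, next_pos); reject truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def encode_control_value(size, cookie=b""):
    """realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }"""
    size_bytes = size.to_bytes(size.bit_length() // 8 + 1, "big")  # sign bit stays clear
    return _tlv(0x30, _tlv(0x02, size_bytes) + _tlv(0x04, cookie))

def decode_control_value(value):
    tag, seq, end = _read_tlv(value, 0)
    t_size, size_bytes, pos = _read_tlv(seq, 0)
    t_cookie, cookie, pos = _read_tlv(seq, pos)
    if (tag, t_size, t_cookie) != (0x30, 0x02, 0x04) or end != len(value) or pos != len(seq):
        raise ValueError("not a paged-results control value")
    return int.from_bytes(size_bytes, "big", signed=True), cookie

def mock_server(entries, request_value):
    """Constructed stand-in for a server; its cookie is simply the next offset."""
    size, cookie = decode_control_value(request_value)
    nxt = int(cookie or b"0") + size
    next_cookie = str(nxt).encode() if nxt < len(entries) else b""
    return entries[nxt - size:nxt], encode_control_value(0, next_cookie)

def paged_search(entries, page_size):
    """Client loop: send back the server's cookie until it returns an empty one."""
    if page_size < 1:
        raise ValueError("page size must be positive")
    results, cookie, round_trips = [], b"", 0
    while True:
        page, response = mock_server(entries, encode_control_value(page_size, cookie))
        results, round_trips = results + page, round_trips + 1
        _, cookie = decode_control_value(response)
        if not cookie:
            return results, round_trips
```

With 2,500 constructed entries and a page size of 200, paged_search returns every entry in 13 round trips, each one under the server's per-search limit.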

So much for ease of use and Microsoft Products.