I had a need to build a quick and simple shell script to quickly gather all of the user email addresses and descriptions from a MS Active Directory Domain Controller, so I could cross-reference with some user security rights and user identity tracking I was doing for a customer.
First, I had a CentOS 5.3 server on which I needed to get the ldapsearch binary installed. To do this, all you need to do is install the openldap-clients RPM package by running yum install openldap-clients from a command line.
Once this finishes, create a new file (vi newfile.sh) and add the following (change the bolded areas to suit your needs):
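#!/bin/sh
# -x is a simple bind: without TLS (-ZZ requires StartTLS) the password crosses the network in clear text.
# -w leaves the password in this file and in the process list; -W prompts for it, -y reads it from a file.
ldapsearch -x -LLL -E pr=200/noprompt -h 1.2.3.4 -D "administrator@subdomain.somedomain.com" -w somepassword -b "ou=Some Users, dc=subdomain, dc=somedomain, dc=com" -s sub "(cn=*)" cn mail description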
Press Escape, then type :wq! to save in vi. Be sure to run chmod +x newfile.sh to make the script executable.
This script prints each user's full CN path (the DN), email address and the description field from MS Active Directory, which administrators often use as a free-text field for job title or description.
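To cross-reference the result, the LDIF that ldapsearch -LLL prints has to be flattened first: long values are folded onto continuation lines that start with a space, and values that are not plain text arrive base64-encoded after a double colon. The following is an added example, not part of the original script; the function names ldif_to_tsv and sample_ldif and the sample entries are constructed for illustration, and it assumes awk and the coreutils base64 command are available.

```shell
# Added example: flatten `ldapsearch -LLL` output (LDIF) into cn<TAB>mail<TAB>description.
ldif_to_tsv() {
    awk '
    # Decode an "attr:: value" field. Only base64-alphabet text reaches the shell.
    function b64(v,    cmd, out, line) {
        if (v !~ "^[A-Za-z0-9+/=]+$") return v
        cmd = "printf %s \"" v "\" | base64 -d"
        while ((cmd | getline line) > 0) out = out (out == "" ? "" : " ") line
        close(cmd)
        return out
    }
    # Record one complete (already unfolded) "name: value" line.
    function store(l,    i, name, val, enc) {
        if ((i = index(l, ":")) == 0) return
        name = tolower(substr(l, 1, i - 1))
        val = substr(l, i + 1)
        enc = sub(/^:/, "", val)                  # "::" marks a base64 value
        sub(/^ +/, "", val)
        if (enc) val = b64(val)
        gsub(/\t/, " ", val)                      # keep the TSV columns intact
        if (name == "dn") seen = 1
        if (name == "cn" || name == "mail" || name == "description") a[name] = val
    }
    # Emit the finished entry; absent attributes become empty columns.
    function emit() {
        if (seen) printf "%s\t%s\t%s\n", a["cn"], a["mail"], a["description"]
        split("", a); seen = 0
    }
    /^ / { cur = cur substr($0, 2); next }        # folded line: join to previous
    { if (cur != "") store(cur); cur = $0 }
    /^$/ { emit() }                               # blank line ends an entry
    END { if (cur != "") store(cur); emit() }
    '
}
# Constructed sample output: one folded description, one base64 value, no mail.
sample_ldif() {
cat <<'EOF'
dn: CN=Alice Example,OU=Some Users,DC=subdomain,DC=somedomain,DC=com
cn: Alice Example
mail: alice@somedomain.com
description: Senior network engineer responsible for core routing and sw
 itching

dn: CN=Bob Example,OU=Some Users,DC=subdomain,DC=somedomain,DC=com
cn: Bob Example
description:: Q29udHJhY3RvciA=
EOF
}
sample_ldif | ldif_to_tsv
```

With the function defined in the same shell, ./newfile.sh | ldif_to_tsv > users.tsv produces one row per user; accounts with no mail attribute show up as an empty second column.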