All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

ldapsearch not getting all key/properties/fields from AD

bohrasaurabh
Communicator
‎10-01-2015 08:11 AM

In our environment when we run the powershell command to get a user's properties on AD server by running the below command we get 168 keys/properties/fields

Get-ADUser <username> -Properties *

However when I use ldapsearch command from Splunk for the same user I only get 83 properties.
| ldapsearch domain=mydomain search="(&(objectClass=user)(sAMAccountName=username))"

Some of the properties which are missing and we are interested are accountExpires, badPwdCount, scriptPath which are mentioned in the below question.

http://answers.splunk.com/answers/206725/ldapsearch-is-not-parsing-info-back-from-ad-well.html

I am seeing the above scenario on both (1.1.13 and 2.1.1) release of SA-ldapsearch. Am I missing some configuration which will fetch the missing properties?

0 Karma
Reply

lmaclean
Path Finder
‎01-03-2018 07:53 PM

Hi Kozanic,

Not sure why it only returns some results if doing just a basic search but if the attribute is in the LDAP schema then ldapsearch will pick it up, you just need to place the extra fields into a table output

e.g.

| table sAMAccountName, personalTitle, displayName, ..., pwdLastSet, badPasswordTime, badPwdCount, logonCount, etc....
0 Karma
Reply

Kozanic
Path Finder
‎01-03-2018 09:06 PM

Thanks.

I actually found that the port you use to query on also affects the number of attributes returned.

I think the default returns less - but is slightly faster. I have updated to use port 389 which seems to return a lot more - but does take a little longer.

Reply

Kozanic
Path Finder
‎01-01-2018 07:15 PM

Hi bohrasaurabh,

Just wondering if you ever figured this one out?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...