In our environment when we run the powershell command to get a user's properties on AD server by running the below command we get
Get-ADUser <username> -Properties *
However when I use ldapsearch command from Splunk for the same user I only get
| ldapsearch domain=mydomain search="(&(objectClass=user)(sAMAccountName=username))"
Some of the properties which are missing and we are interested are accountExpires, badPwdCount, scriptPath which are mentioned in the below question.
I am seeing the above scenario on both (1.1.13 and 2.1.1) release of SA-ldapsearch. Am I missing some configuration which will fetch the missing properties?
Not sure why it only returns some results if doing just a basic search but if the attribute is in the LDAP schema then ldapsearch will pick it up, you just need to place the extra fields into a table output
| table sAMAccountName, personalTitle, displayName, ..., pwdLastSet, badPasswordTime, badPwdCount, logonCount, etc....
I actually found that the port you use to query on also affects the number of attributes returned.
I think the default returns less - but is slightly faster. I have updated to use port 389 which seems to return a lot more - but does take a little longer.