从Win2000開始.微软抛弃NT域而採用活动文件夹来管理Windows域.而活动文件夹就是微软基于遵守LDAP协议的文件夹服务.假设用扫描器扫描的话能够发现活动文件夹的389port是打开的.并且微软尽管对这个协议都擅自作了些修改.但都集中在Replication等同步的部分.其它的部分是基本和其它产品兼容的.所以ldapsearch工具能够顺利的搜索AD中的记录.事实上AD最大的客户就是微软自己.所以在server配置向导中才用DC作为正式的名称.AD这个名称反而次要.AD在配置好之后就有了健全的文件夹树结构.AD的用户的objectclass为User,默认的用户记录位于Users下,而Users的objectclass就是Container.这样一个AD用户的DN可能是"cn=username,cn=users,dc=domain-suffix".AD默认的安全策略不同意"空"绑定(既bind("" 
等DN为空的一系列绑定函数).所以必须要有合法验证的绑定才行: ldapsearch -x -W -D "cn=username,cn=users,dc=domain-suffix" -b "basedn" -h host 或者是 ldap search -x -w cred -D "cn=username,cn=users,dc=domain-suffix" -b "basedn" -h host 当中-x相应API中的smiple_bind*().-w/-W 表示须要password -D "绑定的DN" -b "開始搜索的DN" -h 接主机的IP或者域名. 举例:我在学校有一台实验用的主机troy配置为"osdn.zzti.edu.cn"主域控制器.假如我在我装有fedora的笔记本osiris上运行ldapsearch,命令例如以下: ldapsearch -x -W -D "cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn" -b "cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn" -h troy.osdn.zzti.edu.cn 这样就回返回用户administrator的信息: # extended LDIF # # LDAPv3 # base <cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn>; with scope sub # filter: (objectclass=*) # requesting: ALL # # Administrator, Users, osdn.zzti.edu.cn dn: CN=Administrator,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Administrator description:: 566h55CG6K6h566X5py6KOWfnynnmoTlhoXnva7luJDmiLc= distinguishedName: CN=Administrator,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn instanceType: 4 whenCreated: 20040820145628.0Z whenChanged: 20040820151744.0Z uSNCreated: 8194 memberOf: CN=Group Policy Creator Owners,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn memberOf: CN=Domain Admins,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn memberOf: CN=Enterprise Admins,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn memberOf: CN=Schema Admins,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn memberOf: CN=Administrators,CN=Builtin,DC=osdn,DC=zzti,DC=edu,DC=cn uSNChanged: 13895 name: Administrator objectGUID:: z44SriNF40SGBgQson8RtA== userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 127375629853437500 lastLogoff: 0 lastLogon: 127375630164843750 pwdLastSet: 127374851807500000 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAAfA5HVz/NVF7R0u429AEAAA== adminCount: 1 accountExpires: 9223372036854775807 logonCount: 17 sAMAccountName: Administrator sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=osdn,DC=zzti,DC=edu,DC =cn isCriticalSystemObject: TRUE # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 大家最好还是试试从"dc=domain-suffix"開始搜索.这样能够訪问整个的活动文件夹结构. 能够借此分析一下活动文件夹的文件夹结构.然后借鉴到自己的文件夹中.平时非常难找到模仿学习的对象.这下能够拿活动文件夹开刀.何乐不为呢?
等DN为空的一系列绑定函数).所以必须要有合法验证的绑定才行: ldapsearch -x -W -D "cn=username,cn=users,dc=domain-suffix" -b "basedn" -h host 或者是 ldap search -x -w cred -D "cn=username,cn=users,dc=domain-suffix" -b "basedn" -h host 当中-x相应API中的smiple_bind*().-w/-W 表示须要password -D "绑定的DN" -b "開始搜索的DN" -h 接主机的IP或者域名. 举例:我在学校有一台实验用的主机troy配置为"osdn.zzti.edu.cn"主域控制器.假如我在我装有fedora的笔记本osiris上运行ldapsearch,命令例如以下: ldapsearch -x -W -D "cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn" -b "cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn" -h troy.osdn.zzti.edu.cn 这样就回返回用户administrator的信息: # extended LDIF # # LDAPv3 # base <cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn>; with scope sub # filter: (objectclass=*) # requesting: ALL # # Administrator, Users, osdn.zzti.edu.cn dn: CN=Administrator,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Administrator description:: 566h55CG6K6h566X5py6KOWfnynnmoTlhoXnva7luJDmiLc= distinguishedName: CN=Administrator,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn instanceType: 4 whenCreated: 20040820145628.0Z whenChanged: 20040820151744.0Z uSNCreated: 8194 memberOf: CN=Group Policy Creator Owners,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn memberOf: CN=Domain Admins,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn memberOf: CN=Enterprise Admins,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn memberOf: CN=Schema Admins,CN=Users,DC=osdn,DC=zzti,DC=edu,DC=cn memberOf: CN=Administrators,CN=Builtin,DC=osdn,DC=zzti,DC=edu,DC=cn uSNChanged: 13895 name: Administrator objectGUID:: z44SriNF40SGBgQson8RtA== userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 127375629853437500 lastLogoff: 0 lastLogon: 127375630164843750 pwdLastSet: 127374851807500000 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAAfA5HVz/NVF7R0u429AEAAA== adminCount: 1 accountExpires: 9223372036854775807 logonCount: 17 sAMAccountName: Administrator sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=osdn,DC=zzti,DC=edu,DC =cn isCriticalSystemObject: TRUE # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 大家最好还是试试从"dc=domain-suffix"開始搜索.这样能够訪问整个的活动文件夹结构. 能够借此分析一下活动文件夹的文件夹结构.然后借鉴到自己的文件夹中.平时非常难找到模仿学习的对象.这下能够拿活动文件夹开刀.何乐不为呢?