getadusers.py

Enumerate all Active Directory users and their attributes

$ GetADUsers.py -all -dc-ip [domain_controller_ip] [domain]/[username]:[password]

$ GetADUsers.py -user [user] -dc-ip [domain_controller_ip] [domain]/[username]:[password]

$ GetADUsers.py -all -dc-ip [domain_controller_ip] -hashes [LM_Hash]:[NT_Hash] [domain]/[username]

$ GetADUsers.py -all -dc-ip [domain_controller_ip] [domain]/[username]:[password] > [path/to/output.txt]

python getadusers.py -s -u -p [-b ] [-f ] [-a ] [-o ]

-s
    Specifies the Active Directory server address.
Example: `dc01.example.com`

-u
    Specifies the username for authenticating to the Active Directory.
Example: `administrator`

-p
    Specifies the password for the username. Care should be taken when providing passwords via command line.

-b
    Specifies the base DN (Distinguished Name) to start the search from.
Example: `OU=Users,DC=example,DC=com`

-f
    Specifies an LDAP filter to narrow down the user search.
Example: `(objectClass=user)` or `(sAMAccountName=johndoe)`

-a
    Specifies a comma-separated list of attributes to retrieve for each user.
Example: `sAMAccountName,displayName,mail`

-o
    Specifies the file to write the output to. If not provided, the output is printed to standard output (stdout).

The `getadusers.py` script is a Python-based command-line tool designed to retrieve user information from an Active Directory (AD) domain. It leverages LDAP (Lightweight Directory Access Protocol) to connect to the AD server, authenticate, and query user attributes based on specified criteria. This script provides a convenient way to automate the process of extracting user data, making it useful for tasks such as user account audits, reporting, and integration with other systems. It offers flexibility in specifying search filters, attribute selection, and output formatting, allowing users to tailor the results to their specific needs. The script might incorporate error handling to manage connection issues, invalid credentials, or unexpected LDAP responses. Properly configuring the script with the correct AD server details, credentials, and search base is essential for successful operation. It can be particularly useful for system administrators and security professionals needing to gather user information for compliance or troubleshooting.

This script requires the `ldap3` Python library. Ensure it is installed before running the script.
Storing credentials directly in the script or command line is highly discouraged. Consider using environment variables or a secure configuration file.

The script should include robust error handling to gracefully manage potential issues such as connection failures, invalid credentials, incorrect server addresses, and invalid LDAP filters. This includes logging error messages and providing informative output to the user.

Protecting credentials is paramount. Avoid hardcoding passwords and consider using secure storage mechanisms like environment variables or dedicated secrets management solutions. Properly validate user input and sanitize LDAP filters to prevent LDAP injection attacks.

The script relies heavily on the `ldap3` Python library to communicate with Active Directory. Make sure that all dependencies are met before trying to run the script.

The `getadusers.py` script is typically developed by system administrators or security engineers to automate user information retrieval from Active Directory. Its usage increases in environments where manual querying of AD is time-consuming or requires specialized tools. It's a custom-built solution, so its history is tied to the specific organization or individual that created and maintains it.

ldapsearch(1)