getadusers.py
Retrieve user information from Active Directory
TLDR
Enumerate all Active Directory users and their attributes
Retrieve information only for a specific user
Extract user details using pass-the-hash authentication
Save output to a file
SYNOPSIS
python3 getadusers.py [OPTIONS]
PARAMETERS
--help
Displays a help message and exits. (Common for Python scripts)
--domain <DOMAIN_NAME>
Specifies the Active Directory domain to query (e.g., example.com).
--server <DC_IP_OR_HOSTNAME>
Specifies the IP address or hostname of a domain controller to connect to. If not specified, it might attempt to discover one.
--user <USERNAME>
The username for authenticating to Active Directory (e.g., 'user@domain.com' or 'DOMAIN\user').
--password <PASSWORD>
The password for the specified user. It's often recommended to avoid providing passwords directly on the command line for security reasons.
--filter <LDAP_FILTER>
An LDAP search filter to narrow down the user results (e.g., '(sAMAccountName=jdoe*)' or '(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' for active users, i.e. accounts without the ACCOUNTDISABLE flag set).
--fields <ATTR1,ATTR2,...>
A comma-separated list of Active Directory attributes to retrieve for each user (e.g., 'sAMAccountName,mail,displayName,description').
--output <FORMAT>
Specifies the output format, such as 'csv', 'json', or 'text'.
--limit <NUMBER>
Limits the number of users returned by the query.
DESCRIPTION
getadusers.py is typically a custom Python script designed to query and extract user information from an Active Directory (AD) domain. Unlike standard Linux commands, this script is not part of a default distribution and its exact functionality, syntax, and options are entirely dependent on how it was programmed. It commonly leverages Python libraries like ldap3, python-ldap, or similar modules to interact with LDAP (Lightweight Directory Access Protocol) services provided by Active Directory domain controllers. The script's primary purpose is often to automate tasks such as user enumeration, auditing user attributes, or integrating AD user data with other systems. Because it's a custom script, users must typically obtain the script's source code or documentation to understand its specific capabilities and usage.
CAVEATS
getadusers.py is a custom script, meaning its behavior, options, and security implications are entirely dependent on its implementation.
Security: Be cautious when providing credentials on the command line, as they might be visible in process listings (e.g., ps output) or command history. Secure methods like environment variables or interactive prompts are often preferred.
Dependencies: The script requires Python 3 and specific Python libraries (e.g., ldap3, dnspython) to be installed in the Python environment.
Network Connectivity: Proper network connectivity to the Active Directory domain controllers is essential. Firewalls or network configurations can prevent the script from connecting.
Permissions: The user account used for authentication must have sufficient read permissions within Active Directory to query the desired user attributes.
TYPICAL USAGE
A common use case involves running the script on a Linux server to pull user lists for inventory, to synchronize user data with other systems, or to perform ad-hoc lookups of user attributes. Example:
python3 getadusers.py --domain mydomain.com --server 192.168.1.10 --user 'svc_adreader' --password 'SecureP@ss1' --filter '(objectClass=user)' --fields 'sAMAccountName,mail' --output csv > ad_users.csv
This command would query all user objects in mydomain.com, retrieve their sAMAccountName and mail attributes, and save the output in CSV format to ad_users.csv.
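The command above passes the bind password on the command line, which the CAVEATS section warns against, and passes a raw LDAP filter. The following is an added example, not code from any particular getadusers.py. It shows argument handling that takes the password from the environment or a prompt, and builds the single-user filter with RFC 4515 escaping. The --sam flag and the GETADUSERS_PASSWORD variable are hypothetical names chosen for this sketch.

```python
import argparse
import getpass
import os

# Enabled accounts only: bitwise-AND matching rule against ACCOUNTDISABLE (0x2),
# the same clause shown under --filter in PARAMETERS.
ENABLED = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a username cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(sam=None, enabled_only=True):
    # objectCategory=person excludes computer accounts, which also match objectClass=user.
    clauses = ["(objectCategory=person)", "(objectClass=user)"]
    if sam is not None:
        clauses.append("(sAMAccountName=%s)" % escape_filter_value(sam))
    if enabled_only:
        clauses.append(ENABLED)
    return "(&%s)" % "".join(clauses)

def resolve_password(env=os.environ, prompt=getpass.getpass):
    """Take the bind password from the environment or a prompt, never from argv."""
    value = env.get("GETADUSERS_PASSWORD")  # hypothetical variable name
    return value if value else prompt("LDAP bind password: ")

def parse_args(argv=None):
    # Deliberately no --password option: argv is visible in ps output and shell history.
    p = argparse.ArgumentParser(description="getadusers-style argument handling (sketch)")
    p.add_argument("--domain", required=True)
    p.add_argument("--server")
    p.add_argument("--user", required=True)
    p.add_argument("--sam", help="single sAMAccountName to look up (hypothetical flag)")
    p.add_argument("--fields", default="sAMAccountName,mail",
                   type=lambda s: [f.strip() for f in s.split(",") if f.strip()])
    return p.parse_args(argv)

if __name__ == "__main__":
    args = parse_args()
    print("filter:", build_user_filter(args.sam))
    print("fields:", args.fields)
```

The resulting filter string and attribute list can be handed to whichever LDAP library the script uses for the actual search.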
REQUIRED LIBRARIES
To function, getadusers.py often relies on Python packages that can be installed via pip, such as:
pip install ldap3
pip install python-ldap (requires development headers for LDAP libraries on the system)
pip install dnspython (often used for domain controller discovery)
HISTORY
Python scripting for Active Directory interaction has evolved significantly, particularly with the growth of cross-platform AD management needs. Scripts like getadusers.py emerged as lightweight, flexible alternatives to native Windows tools or heavier open-source packages. They often started as simple utilities to fetch basic user data but have grown in complexity to handle more advanced queries, authentication methods (like Kerberos), and data processing. Their development is typically driven by specific administrative or integration requirements within organizations, leveraging Python's rich ecosystem of LDAP and network libraries.
SEE ALSO
ldapsearch(1), adcli(1), samba-tool(8), realm(8)


