impacket-getadusers

Enumerate user information from Active Directory

TLDR

View documentation for the original command

$ tldr GetADUsers.py

SYNOPSIS

impacket-getadusers [-dc-ip domain controller ip] [-request-ticket] [-debug] [-use-ldaps] domain/[user[:password]]

PARAMETERS

-dc-ip
    IP Address of the domain controller. If omitted, the script will try to resolve the domain.

-request-ticket
    Requests a Kerberos ticket and passes it as the credential.

-debug
    Turns on debug output.

-use-ldaps
    Use LDAPS instead of LDAP.

domain/[user[:password]]
    Domain to connect to. If user and password are provided, they are used to authenticate. Otherwise, the script tries to use the currently logged-on user's credentials (Kerberos).

DESCRIPTION

impacket-getadusers is a Python script that uses the Impacket library to enumerate user accounts in an Active Directory domain.
It retrieves user information such as usernames, full names, email addresses, and other attributes, which makes it useful for security assessments, penetration testing, and Active Directory administration.
The script can be used without any authentication or with user credentials.
It gathers information about the AD environment, giving analysts insight into the AD structure and possible weak spots.
Information gathering and enumeration are the first step of any offensive or defensive security engagement.

CAVEATS

Requires the Impacket library to be installed.
Domain credentials are required for authenticated enumeration.
Unauthenticated enumeration may be limited by Active Directory policies.

LDAP QUERIES

The script constructs LDAP queries to retrieve user objects from Active Directory. Understanding LDAP query syntax is helpful for customizing which information is retrieved. This can be done by editing the GetADUsers.py file.
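
An added example, not code from GetADUsers.py or Impacket: when a search filter is customized as described above, any value placed into it needs RFC 4515 escaping so it cannot change the filter's structure. The filter layout and all function names here are assumptions for illustration; the attribute names are standard AD schema attributes.

```python
# Added example: composing RFC 4515 LDAP search filters for AD user objects.
# The filter layout is an assumption and is not copied from GetADUsers.py.

# Characters RFC 4515 reserves inside an assertion value, and their escapes.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape reserved characters so the value is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def equals(attr, value):
    """Equality clause with the value escaped."""
    return "({}={})".format(attr, escape_filter_value(value))


def present(attr):
    """Presence clause: the attribute has any value."""
    return "({}=*)".format(attr)


def all_of(*clauses):
    """AND the clauses together."""
    return "(&" + "".join(clauses) + ")"


def user_filter(sam_account_name=None, require_mail=False):
    """Filter for user objects, optionally narrowed to one account or to users with mail."""
    clauses = [equals("objectCategory", "person"), equals("objectClass", "user")]
    if sam_account_name is not None:
        clauses.append(equals("sAMAccountName", sam_account_name))
    if require_mail:
        clauses.append(present("mail"))
    return all_of(*clauses)


def is_balanced(ldap_filter):
    """True if parentheses nest correctly; escaped values contain no raw parentheses."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    print(user_filter())                      # every user object
    print(user_filter("x)(|(objectClass=*"))  # constructed hostile value stays one literal
```
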

KERBEROS AUTHENTICATION

When credentials are not provided, the script attempts to authenticate using Kerberos. Ensuring proper Kerberos configuration on the client machine is crucial for successful authentication. To check whether Kerberos is working properly, run the klist command.

HISTORY

impacket-getadusers is part of the Impacket library, a collection of Python classes for working with network protocols. Its development is ongoing, with regular updates and improvements to address new Active Directory features and security vulnerabilities.

SEE ALSO
