ldapdomaindump Examples (with examples)

Use Case 1: Dump all information using the given LDAP account

ldapdomaindump --user domain\\administrator --password password|ntlm_hash hostname|ip

Motivation: This command is used to dump all information from the LDAP server using a specific LDAP account. By providing the LDAP account credentials, the command gains access to the LDAP server and retrieves all available information.

Explanation:

• --user: Specifies the LDAP account to be used for accessing the LDAP server. The format is domain\\administrator, where domain is the domain name and administrator is the username of the LDAP account.
• --password: Specifies the password or NTLM hash of the LDAP account. It can be provided directly or as an NTLM hash.
• hostname|ip: Specifies the hostname or IP address of the LDAP server.

Example Output: The command will output all available information from the LDAP server. This can include information about users, computers, groups, operating systems, and membership details. The output can be in HTML, JSON, or greppable format, depending on the command options.

Use Case 2: Dump all information, resolving computer hostnames

ldapdomaindump --resolve --user domain\\administrator --password password hostname|ip

Motivation: Resolving computer hostnames can be useful for retrieving additional details about the computers in the LDAP server. By enabling hostname resolution, the command can retrieve and display the resolved hostnames in the output.

Explanation:

• --resolve: Enables hostname resolution for computer objects. This option allows the command to retrieve the DNS name associated with each computer object in the LDAP server.
• Other arguments have the same meaning as in Use Case 1.

Example Output: In addition to the information retrieved in Use Case 1, the command will also display the resolved hostnames of the computers in the LDAP server. This can provide more context and make the information more readable.

Use Case 3: Dump all information, resolving computer hostnames with the selected DNS server

ldapdomaindump --resolve --dns-server domain_controller_ip --user domain\\administrator --password password hostname|ip

Motivation: In some scenarios, the DNS server used by the LDAP server may not be accessible or reliable. This command allows specifying a different DNS server to be used for hostname resolution, ensuring accurate and reliable hostname information.

Explanation:

• --dns-server domain_controller_ip: Specifies the IP address of the DNS server to be used for hostname resolution. By default, the command uses the DNS server configured on the LDAP server.
• Other arguments have the same meaning as in Use Case 2.

Example Output: Similar to Use Case 2, but the resolved hostnames are obtained using the specified DNS server instead of the default DNS server. This ensures accurate and reliable hostname resolution.

Use Case 4: Dump all information to the given directory without JSON output

ldapdomaindump --no-json --outdir path/to/directory --user domain\\administrator --password password hostname|ip

Motivation: This command is used to dump all the information retrieved from the LDAP server into a specific directory. By disabling the JSON output and specifying an output directory, the command allows easy management and organization of the dumped information.

Explanation:

• --no-json: Disables the generation of JSON output. Only HTML and greppable output will be generated.
• --outdir path/to/directory: Specifies the directory where the output files will be saved.
• Other arguments have the same meaning as in Use Case 3.

Example Output: The command will generate HTML and greppable output files in the specified directory. These files will contain the dumped information from the LDAP server.