Overview
The PHP script below is an example of how to query an Active Directory domain. In this example we use LDAP to retrieve a list of computer accounts in the domain.
If instead of computer accounts you are looking to retrieve information on user accounts in the domain, then take a look at this post.
Web Server Requirements
In the case of this example I am using Apache. To use this script your PHP web server will need the LDAP module installed. You can verify the installation by creating a phpinfo file.
phpinfo.php
<?php
phpinfo();
?>
When browsing to your phpinfo page you should see an ldap section. Remove phpinfo.php once you have checked, since its output exposes the server's configuration.
If you don't see an ldap section in your phpinfo results you will need to install the PHP LDAP package. For example, on Ubuntu / Debian:
# Install the PHP LDAP module:
sudo apt-get install php-ldap
# Restart Apache
sudo service apache2 restart
Variables to change
You will need to change these variables in the script.
$ldap_password = 'AD_Password';
$ldap_username = 'username@domain.tld';
$ldap_connection = ldap_connect("domain.tld");
$ldap_base_dn = 'DC=domain,DC=tld,DC=tld';
The PHP Script
<?php
// LDAP bind parameters; this needs to be a normal AD user account.
$ldap_password = 'AD_Password';
$ldap_username = 'username@domain.tld';
// Note: over a plain ldap:// connection the bind below sends this password unencrypted.
$ldap_connection = ldap_connect("domain.tld");
if (FALSE === $ldap_connection) {
    // Uh-oh, something is wrong... stop here, the calls below need a valid handle.
    die('Unable to connect to the ldap server');
}
// We have to set this option for the version of Active Directory we are using.
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
if (TRUE === ldap_bind($ldap_connection, $ldap_username, $ldap_password)) {
    // Your domain's DN to query
    $ldap_base_dn = 'DC=domain,DC=tld,DC=tld';
    // Match computer accounts only
    $search_filter = '(|(objectCategory=Computer))';
    // Run the LDAP search
    $result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter);
    if (FALSE !== $result) {
        $entries = ldap_get_entries($ldap_connection, $result);
        // Uncomment the below if you want to write all entries to debug something
        //var_dump($entries);
        // Create a table to display the output
        echo '<h2>AD Computer Results</h2><br>';
        echo '<table border="1"><tr bgcolor="#cccccc"><td>Name</td><td>Description</td></tr>';
        // For each account returned by the search
        for ($x = 0; $x < $entries['count']; $x++) {
            //
            // Retrieve values from Active Directory
            //
            // Common Name
            $LDAP_CN = "";
            if (!empty($entries[$x]['cn'][0])) {
                $LDAP_CN = $entries[$x]['cn'][0];
                if ($LDAP_CN == "NULL") {
                    $LDAP_CN = "";
                }
            }
            // Description
            $LDAP_Description = "";
            if (!empty($entries[$x]['description'][0])) {
                $LDAP_Description = $entries[$x]['description'][0];
                if ($LDAP_Description == "NULL") {
                    $LDAP_Description = "";
                }
            }
            // Escape directory values before writing them into the page
            echo "<tr><td><strong>" . htmlspecialchars($LDAP_CN, ENT_QUOTES, 'UTF-8') . "</strong></td><td>" . htmlspecialchars($LDAP_Description, ENT_QUOTES, 'UTF-8') . "</td></tr>";
        } //END for loop
        echo "</table>"; // close the table
    } //END FALSE !== $result
    ldap_unbind($ldap_connection); // Clean up after ourselves.
} else {
    echo 'Unable to bind to the ldap server';
} //END ldap_bind
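A hardened variant of the script above, added here as an example and not the author's code: it upgrades the connection with StartTLS and certificate verification before binding, reads the credentials from environment variables instead of the source file, and HTML-escapes every directory value. The AD_HOST, AD_BIND_USER and AD_BIND_PASSWORD variable names and both function names are assumptions, as is a domain controller certificate that the web server trusts; when AD_HOST is not set it renders a constructed sample entry.

```php
<?php
// Open a certificate-verified TLS session before any credentials are sent.
function ad_connect_tls(string $host, string $user, string $password)
{
    if ($user === '' || $password === '') {
        // An empty password turns a simple bind into an unauthenticated bind.
        throw new RuntimeException('Bind credentials are not set');
    }
    // Global option: reject servers whose certificate does not validate.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $conn = ldap_connect('ldap://' . $host);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // StartTLS first; without it the simple bind travels in cleartext.
    if (!ldap_start_tls($conn) || !ldap_bind($conn, $user, $password)) {
        throw new RuntimeException('TLS or bind failed: ' . ldap_error($conn));
    }
    return $conn;
}

// Build table rows from an ldap_get_entries() array, escaping each value.
function render_computer_rows(array $entries): string
{
    $rows = '';
    for ($i = 0; $i < ($entries['count'] ?? 0); $i++) {
        $cn   = htmlspecialchars($entries[$i]['cn'][0] ?? '', ENT_QUOTES, 'UTF-8');
        $desc = htmlspecialchars($entries[$i]['description'][0] ?? '', ENT_QUOTES, 'UTF-8');
        $rows .= "<tr><td><strong>$cn</strong></td><td>$desc</td></tr>\n";
    }
    return $rows;
}

$host = getenv('AD_HOST'); // assumed environment variable names
if ($host !== false && extension_loaded('ldap')) {
    $conn = ad_connect_tls($host, (string) getenv('AD_BIND_USER'), (string) getenv('AD_BIND_PASSWORD'));
    // Request only the two attributes the table displays.
    $result = ldap_search($conn, 'DC=domain,DC=tld,DC=tld', '(objectCategory=computer)', ['cn', 'description']);
    $entries = $result !== false ? ldap_get_entries($conn, $result) : ['count' => 0];
    ldap_unbind($conn);
} else {
    // Constructed sample in ldap_get_entries() shape; the description holds markup.
    $entries = ['count' => 1, ['cn' => ['count' => 1, 'WS-001'],
        'description' => ['count' => 1, '<i>Lab</i> & "test" PC']]];
}
echo '<table border="1"><tr><td>Name</td><td>Description</td></tr>'
    . render_computer_rows($entries) . '</table>';
```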
Is there an easy way to pull pictures as well?