PHP – LDAP Query AD for Computer Accounts


The below PHP script is an example of how to query an Active Directory domain. In this example we will be using LDAP and retrieve a list of computer accounts in the domain.

If instead of computer accounts you are looking to retrieve information on user accounts in the domain, then take a look at this post

Web Server Requirements

In the case of this example I am using Apache. To use this script your PHP web server will need the LDAP module installed. You can verify the installation by creating a phpinfo file.



When browsing to your phpinfo page you should see an ldap section;

PHPInfo LDAP Section

If you don’t see an ldap section in your phpinfo results you will need to install the php ldap package. For example on Ubuntu / Debian;

# Install php5-ldap:
sudo apt-get install php-ldap

# Reboot apache
service apache2 restart

Variables to change

You will need to change these variables in the script.

Line 4 - $ldap_password = 'AD_Password';
Line 5 - $ldap_username = '[email protected]';
Line 6 - $ldap_connection = ldap_connect("domain.tld");

Line 20 - $ldap_base_dn = 'DC=domain,DC=tld,DC=tld'; 

The PHP Script


//LDAP Bind paramters, need to be a normal AD User account.
$ldap_password = 'AD_Password';
$ldap_username = '[email protected]';
$ldap_connection = ldap_connect("domain.tld");

if (FALSE === $ldap_connection) {
    // Uh-oh, something is wrong...
    echo 'Unable to connect to the ldap server';

// We have to set this option for the version of Active Directory we are using.
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.

if (TRUE === ldap_bind($ldap_connection, $ldap_username, $ldap_password)) {

    //Your domains DN to query
    $ldap_base_dn = 'DC=domain,DC=tld,DC=tld';

    //Get standard users and contacts
    $search_filter = '(|(objectCategory=Computer))';

    //Connect to LDAP
    $result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter);

    if (FALSE !== $result) {
        $entries = ldap_get_entries($ldap_connection, $result);

        // Uncomment the below if you want to write all entries to debug somethingthing 

        //Create a table to display the output 
        echo '<h2>AD Computer Results</h2></br>';
        echo '<table border = "1"><tr bgcolor="#cccccc"><td>Name</td><td>Descrption</td></tr>';

        //For each account returned by the search
        for ($x = 0; $x < $entries['count']; $x++) {

            //Retrieve values from Active Directory

            //Common Name
            $LDAP_CN = "";

            if (!empty($entries[$x]['cn'][0])) {
                $LDAP_CN = $entries[$x]['cn'][0];
                if ($LDAP_CN == "NULL") {
                    $LDAP_CN = "";

            $LDAP_Description = "";

            if (!empty($entries[$x]['description'][0])) {
                $LDAP_Description = $entries[$x]['description'][0];
                if ($LDAP_Description == "NULL") {
                    $LDAP_Description = "";

            echo "<tr><td><strong>" . $LDAP_CN . "</strong></td><td>" . $LDAP_Description . "</td></tr>";
        } //END for loop
    } //END FALSE !== $result

    ldap_unbind($ldap_connection); // Clean up after ourselves.
    echo ("</table>"); //close the table

} //END ldap_bind

1 thought on “PHP – LDAP Query AD for Computer Accounts”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.