Overview
The PHP script below is an example of how to query an Active Directory domain. In this example we will use LDAP to retrieve a list of computer accounts in the domain.
If instead of computer accounts you are looking to retrieve information on user accounts in the domain, then take a look at this post.
Web Server Requirements
In the case of this example I am using Apache. To use this script your PHP web server will need the LDAP module installed. You can verify the installation by creating a phpinfo file.
phpinfo.php
<?php phpinfo(); ?>
When browsing to your phpinfo page you should see an ldap section. Remove phpinfo.php once you have checked, because it shows the server's full PHP configuration to anyone who can reach it.
If you don’t see an ldap section in your phpinfo results you will need to install the PHP LDAP package. For example, on Ubuntu / Debian:
# Install php-ldap
sudo apt-get install php-ldap
# Restart Apache
sudo service apache2 restart
Variables to change
You will need to change these variables in the script.
Line 4 - $ldap_password = 'AD_Password';
Line 5 - $ldap_username = 'AD_Username@domain.tld';
Line 6 - $ldap_connection = ldap_connect("domain.tld");
Line 20 - $ldap_base_dn = 'DC=domain,DC=tld,DC=tld';
The PHP Script
<?php

//LDAP bind parameters; this needs to be a normal AD user account.
$ldap_password = 'AD_Password';
$ldap_username = 'AD_Username@domain.tld';
$ldap_connection = ldap_connect("domain.tld");

if (FALSE === $ldap_connection) {
    // Uh-oh, something is wrong... stop here instead of carrying on without a connection.
    die('Unable to connect to the ldap server');
}

// We have to set this option for the version of Active Directory we are using.
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.

if (TRUE === ldap_bind($ldap_connection, $ldap_username, $ldap_password)) {

    //Your domain's DN to query
    $ldap_base_dn = 'DC=domain,DC=tld,DC=tld';

    //Match computer accounts
    $search_filter = '(|(objectCategory=Computer))';

    //Run the search
    $result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter);

    if (FALSE !== $result) {
        $entries = ldap_get_entries($ldap_connection, $result);

        // Uncomment the below if you want to write all entries to debug something
        //var_dump($entries);

        //Create a table to display the output
        echo '<h2>AD Computer Results</h2><br>';
        echo '<table border = "1"><tr bgcolor="#cccccc"><td>Name</td><td>Description</td></tr>';

        //For each account returned by the search
        for ($x = 0; $x < $entries['count']; $x++) {

            //
            //Retrieve values from Active Directory
            //

            //Common Name
            $LDAP_CN = "";
            if (!empty($entries[$x]['cn'][0])) {
                $LDAP_CN = $entries[$x]['cn'][0];
                if ($LDAP_CN == "NULL") {
                    $LDAP_CN = "";
                }
            }

            //Description
            $LDAP_Description = "";
            if (!empty($entries[$x]['description'][0])) {
                $LDAP_Description = $entries[$x]['description'][0];
                if ($LDAP_Description == "NULL") {
                    $LDAP_Description = "";
                }
            }

            //Directory values are untrusted as far as the page is concerned, so escape them for HTML
            echo "<tr><td><strong>" . htmlspecialchars($LDAP_CN) . "</strong></td><td>" . htmlspecialchars($LDAP_Description) . "</td></tr>";

        } //END for loop

        echo ("</table>"); //close the table (only if it was opened)

    } //END FALSE !== $result

    ldap_unbind($ldap_connection); // Clean up after ourselves.

} //END ldap_bind
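A variant of the script above, added here as an example and not part of the original post: it binds over LDAPS so the password is not sent in clear text, reads the bind account from the environment instead of the source file, requests only the two attributes it displays, and pages through the results because Active Directory returns at most 1000 entries per search by default. It assumes PHP 7.3 or later with the LDAP extension, a domain controller that accepts LDAPS with a certificate the web server trusts, and the hypothetical environment variable names AD_BIND_USER and AD_BIND_PASSWORD.

```php
<?php
// Added example, not the original script. AD_BIND_USER and AD_BIND_PASSWORD are
// hypothetical environment variable names; domain.tld is the page's placeholder.

function ad_connect(string $uri) {
    // Read the bind account here, not as parameters, so it stays out of stack traces.
    $user = (string) getenv('AD_BIND_USER');
    $password = (string) getenv('AD_BIND_PASSWORD');
    // A simple bind with an empty password is unauthenticated and can still succeed.
    if ($user === '' || $password === '') {
        throw new RuntimeException('Bind account is not configured');
    }
    $conn = ldap_connect($uri); // ldaps:// so the bind password is encrypted in transit
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($conn, $user, $password)) {
        throw new RuntimeException('Bind failed: ' . ldap_error($conn));
    }
    return $conn;
}

// Returns [cn, description] pairs for every computer object, one page per search.
function fetch_computers($conn, string $base_dn, int $page_size = 500): array {
    $computers = [];
    $cookie = '';
    do {
        $paging = [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => $page_size, 'cookie' => $cookie]]];
        $result = ldap_search($conn, $base_dn, '(objectCategory=computer)',
            ['cn', 'description'], 0, 0, 0, LDAP_DEREF_NEVER, $paging);
        if ($result === false) {
            throw new RuntimeException('Search failed: ' . ldap_error($conn));
        }
        ldap_parse_result($conn, $result, $code, $dn, $msg, $refs, $controls);
        $entries = ldap_get_entries($conn, $result);
        for ($i = 0; $i < $entries['count']; $i++) {
            $computers[] = [$entries[$i]['cn'][0] ?? '', $entries[$i]['description'][0] ?? ''];
        }
        $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? ''; // empty on last page
    } while ($cookie !== '');
    return $computers;
}

$conn = ad_connect('ldaps://domain.tld');
foreach (fetch_computers($conn, 'DC=domain,DC=tld,DC=tld') as [$cn, $description]) {
    echo htmlspecialchars($cn), ' | ', htmlspecialchars($description), "<br>\n";
}
ldap_unbind($conn);
```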