05/04/2025 Cooper Reagan
How do I find Active Directory in Linux?
Publication Date 05/04/2025

If you’re a Linux user operating in a hybrid environment with Windows infrastructure, chances are you’ll need to work with Active Directory (AD) in some way. Perhaps it’s to authenticate users, to query directory information, or to integrate a Linux server into a Windows domain. Whatever the case, being able to find and query Active Directory from Linux is a valuable skill. Here, we’ll show you how to locate and use Active Directory from a Linux box, step by step. No hyperbole, just actual tools and examples that work.

Step 1: Discover Domain Controllers with dig

If you know the domain name (e.g., corp.example.com), you can use dig to find domain controllers via DNS:

dig +short _ldap._tcp.dc._msdcs.corp.example.com SRV

This command queries DNS for the SRV records that AD domain controllers register. Each line of the result gives priority, weight, port and target host, and will look like:

0 100 389 dc1.corp.example.com.
0 100 389 dc2.corp.example.com.

These hostnames are your Active Directory Domain Controllers.

Step 2: Check Domain Reachability with ping and nmap

You can test connectivity using simple tools:

ping dc1.corp.example.com

To check if LDAP port 389 is open:

nmap -p 389 dc1.corp.example.com

If you’re working in a Kerberos-enabled environment, you might also check port 88.

Step 3: Query Active Directory via ldapsearch

Install the ldap-utils package if you don’t have it already:

sudo apt update && sudo apt install ldap-utils

Then run:

ldapsearch -x -H ldap://dc1.corp.example.com -b "dc=corp,dc=example,dc=com"

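This will dump a lot of info from AD. Note that -x with no bind account is an anonymous simple bind, which AD refuses by default for anything beyond the rootDSE; if you get an operations error instead of results, you need to bind with a domain account, and over plain ldap:// that password should be protected with StartTLS or LDAPS. You can filter the output: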

ldapsearch -x -H ldap://dc1.corp.example.com -b "dc=corp,dc=example,dc=com" "(objectClass=user)" sAMAccountName

Or to find a specific user:

ldapsearch -x -H ldap://dc1.corp.example.com -b "dc=corp,dc=example,dc=com" "(sAMAccountName=john.doe)"

Make sure you know the base DN. If you’re unsure, ask your Windows admin or derive it from your domain name (corp.example.com becomes dc=corp,dc=example,dc=com).
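Steps 1 and 3 chained into one script, as an added example that is not part of the original article: it picks a domain controller from the SRV records, reads the base DN from the rootDSE instead of guessing it, then runs the user lookup as an authenticated search over StartTLS. The function names, the bind account and the use of -ZZ (which assumes the DC presents a certificate your client trusts) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: SRV discovery -> rootDSE lookup -> encrypted, authenticated search.

# Convert "dig +short ... SRV" lines (priority weight port target.) into
# "host:port", lowest priority first, trailing dot removed.
parse_srv() {
  sort -n -k1,1 | awk 'NF == 4 { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# Fallback only: derive a base DN from the DNS domain name.
domain_to_base_dn() {
  printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Extract defaultNamingContext from rootDSE LDIF read on stdin.
parse_default_nc() {
  awk -F': ' 'tolower($1) == "defaultnamingcontext" { print $2; exit }'
}

# Usage: find_ad_user corp.example.com 'jane@corp.example.com' john.doe
# (the bind account jane@... is a hypothetical placeholder)
find_ad_user() {
  local domain=$1 bind_upn=$2 account=$3 dc base
  dc=$(dig +short "_ldap._tcp.dc._msdcs.${domain}" SRV | parse_srv | head -n 1)
  [ -n "$dc" ] || { echo "no SRV records for ${domain}" >&2; return 1; }
  # The rootDSE can be read with an anonymous bind, so ask the DC for its base DN.
  base=$(ldapsearch -x -LLL -H "ldap://${dc}" -s base -b "" defaultNamingContext \
    | parse_default_nc)
  [ -n "$base" ] || base=$(domain_to_base_dn "$domain")
  # -ZZ insists on StartTLS so the password typed at the -W prompt is encrypted
  # in transit. $account goes into the filter unescaped: pass trusted values only.
  ldapsearch -x -ZZ -LLL -H "ldap://${dc}" -D "$bind_upn" -W \
    -b "$base" "(sAMAccountName=${account})" sAMAccountName memberOf
}

# Offline check on constructed dig output (not captured from a real domain).
printf '10 100 389 dc2.corp.example.com.\n0 100 389 dc1.corp.example.com.\n' | parse_srv
```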

Step 4: Join Linux to the Domain (Optional but Useful)

Sometimes you want full AD integration. You can use realmd and sssd.

First, install required packages:

sudo apt install realmd sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

Then discover the domain:

realm discover corp.example.com

Join the domain (you’ll need an AD user with join permissions):

sudo realm join corp.example.com -U 'adminuser'

Verify the domain status:

realm list

Now you can authenticate with domain accounts directly from Linux.

Step 5: Using wbinfo and getent After Joining

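Once joined, test user lookups. wbinfo is part of Samba's winbind package and talks to the winbindd daemon, so these two commands only work if winbind is installed and running; the realmd/sssd join in Step 4 does not set it up: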

wbinfo -u    # list users
wbinfo -g    # list groups

You can also check NSS:

getent passwd 'corp\john.doe'

If this works, your Linux system is now AD-aware.
