// Excerpt from a command-line PHP script. The leading number on each line is
// its line number in the original file; the lines in between (for example
// where $addom, $adlogin, $adpass and $adgroup are assigned, and the closing
// braces) are not part of this listing.
// Visible flow: find Active Directory global-catalog servers through DNS,
// bind over LDAP as user@domain, look up a group by CN, then print the users
// that belong to it directly or through nested groups.
//
// The usage text shows the password is taken as a command-line argument, so
// it is visible to other local users in the process list and may be kept in
// shell history; prompting for it or reading it from a protected file avoids
// that.
4 echo "usage: ".$argv[0]. " domain user password admingroup\n";
// No record type is passed, so dns_get_record() asks for any type; the code
// below assumes entry 0 is an SRV record carrying "target" and "port".
// dns_get_record() returns false on failure, which the count() test does not
// cover.
// NOTE(review): the answer is unauthenticated DNS, and the bind credentials
// are later sent to whichever host it names.
13 $servers = dns_get_record("_gc._tcp.$addom");
14 if(count($servers)<1) {
15 echo "AD servers cant be found, fail!\n";
18 echo count($servers)." AD servers returned, using ".$servers[0]["target"]."\n";
20 // we should check all servers, but let's just go with 0 for now
// NOTE(review): no ldaps:// URI or ldap_start_tls() call is visible in this
// listing; if none exists on the unlisted lines, the simple bind below sends
// the password unencrypted.
21 $cnt = ldap_connect($servers[0]["target"], $servers[0]["port"]);
// Simple bind using the user@domain login form.
// NOTE(review): the check of $bind is not visible here. Many directory
// servers treat a simple bind with an empty password as an unauthenticated
// bind and report success, so an empty $adpass should be rejected before
// binding; confirm this is handled on the unlisted lines.
23 $bind = ldap_bind($cnt, "$adlogin@$addom", "$adpass");
// Derive the search base from the domain name, one component per dotted label.
// The loop body is not listed; presumably it appends "DC=<label>," to $tcn,
// which would explain the trailing comma being stripped afterwards (TODO confirm).
30 $ars = explode(".", $addom);
33 foreach($ars as $val) {
37 $basecn = preg_replace("/,$/", "", $tcn);
// Earlier filter attempts, kept commented out:
39 //$sr = ldap_search($cnt, "$basecn", "(&(objectclass=person)(memberof=*Administrators*))");
40 //$sr = ldap_search($cnt, "$basecn", "(CN=CN=Administrators,CN=Builtin,DC=syd,DC=sententia,DC=com,DC=au)");
// Find the group object whose CN equals $adgroup.
// NOTE(review): $adgroup goes into the filter unescaped, so characters such
// as * ( ) \ in it change what the filter matches; wrapping it in
// ldap_escape($adgroup, '', LDAP_ESCAPE_FILTER) keeps it a literal value.
// ldap_search() returns false on error, and the result is passed straight to
// ldap_get_entries() on the next line without a check.
41 $sr = ldap_search($cnt, "$basecn", "(&(objectclass=group)(CN=$adgroup))");
42 $info = ldap_get_entries($cnt, $sr);
// ldap_get_entries() stores the number of returned entries under "count".
44 if($info["count"] < 1) {
45 echo "Couldn't find a matching group\n";
// Only the first match is reported. "description" is an optional attribute,
// so this index can be unset for a group that has none.
48 echo "Found a group, ".$info[0]["cn"][0]."\n";
49 echo "With a description of, ".$info[0]["description"][0]."\n";
50 echo "and a dn of, ".$info[0]["dn"]."\n";
55 echo "Users in this group:\n";
56 // this is the MS way of dealing with nested groups, much less painful than the possible alternatives
// 1.2.840.113556.1.4.1941 is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN:
// it makes memberof match through the whole chain of nested groups.
// NOTE(review): the group DN is concatenated into the filter unescaped; a DN
// may contain ( ) * or \, so it needs ldap_escape(..., '', LDAP_ESCAPE_FILTER)
// as well. The search result is again used without a false check, and no
// paging control is visible, so the server's size limit may truncate the
// member list of a large group.
57 $sr = ldap_search($cnt, "$basecn", "(&(objectCategory=user)(memberof:1.2.840.113556.1.4.1941:=".$info[0]["dn"]."))");
58 $info = ldap_get_entries($cnt, $sr);
// $info also holds the non-entry "count" element; the isset() test below
// skips it, so only real entries with a sAMAccountName are printed.
59 foreach($info as $kpot => $lpot) {
62 if(isset($lpot["samaccountname"])) {
63 echo "User: ".$lpot["samaccountname"][0]."\n";
65 //echo "User: ".$kpot["samaaccountname"][0]."\n";
66 //echo "$kpot, $lpot\n";