Search DirContext without name

Question

I use a service account to connect to Active Directory and then search for a user using the context like :

String searchBase = "DC=extLDAP,DC=com";
String query = "(&(objectCategory=person)(objectClass=user)(SAMAccountName=batty))";
final SearchControls constraints = new SearchControls();

final NamingEnumeration<?> searchResults = dirContext.search(searchBase,searchQuery,constraints);

But I have a scenario when searchBase is not given to me. In this case, I need to search through complete active directory.

I tried to use searchBase=null; and searchBase=""; but in both cases I get NullPointerException and NameNotFoundException respectively.

Is there any way I can search through complete active directory without knowing searchBase or domain name.

Note: I am making connection using full dn of service account. So, not knowing domain name specifically.

score 0 · Answer 1 · edited May 23 '17 at 11:59

The searchbase is always the domain root DC=extLDAP,DC=com - you cannot search more objects in your AD.

However, if you do not know the domain root context beforehand, you can do either of three things:

resolve the domain root context using a query of the rootDSE object: https://msdn.microsoft.com/en-us/library/ms676736%28v=vs.85%29.aspx
use AD's phantom root option to search the entire domain without specifying the context: https://msdn.microsoft.com/en-us/library/aa366988.aspx
resolve the domain details using DNS: How can I find out which server hosts LDAP on my windows domain?

Of course all Microsoft examples are in C# or worse, but you should be able to translate to proper Java.

Search DirContext without name

1 Answers1