2

In Active Directory Users And Computers it is easy to just select Find => Entire Directory to search for a username.

If I don't feed this API (PHP AD LDAP 4.04) the correct account_suffix, base_dn, domain_controllers it will not return ANY information on the user account when I do $ad->user()->infoCollection($username, array('*'));

I am able to

$ad->findBaseDn();

From this, I am able to deduce the current domain my user account is part of...

How would I discover ALL domains in the forest that I belong to? ... or is there any easy way to top level query without specifying all this information in a loop through manual input?

If you are familiar with PowerShell Active Directory, something like

$var = Get-AdForest
$var.Domains
Kellen Stuart

1 Answer

3

An ldapSearch with a base of: CN=Partitions,CN=Configuration,DC=example,DC=com

With an LDAP Filter of: (nETBIOSName=*)

And Returning the Attribute: nCNames

Will return all the AD Domains within the forest in LDAP Format.

However, how "trusts" are configured may restrict or allow access to these Domains.

-jim

jwilleke
  • Is it not rather dnsRoot (yourcompany.local) and name (yourcompany) for domain-name? nCNames returns DC=yourcompany,DC=local, a domain name is yourcompany.local, which is what dnsRoot returns. – Stefan Steiger Aug 29 '19 at 11:43
  • The filter should be (nETBIOSName=*) – krizex Jan 07 '20 at 06:59
  • @StefanSteiger - I mentioned the "Will return all the AD Domains within the forest in LDAP Format" But yes the dnsRoot will return as you said. – jwilleke Jan 07 '20 at 11:28
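
The Partitions search from the answer, together with the dnsRoot attribute raised in the comments, as an added example using PHP's built-in ldap extension (not part of the original posts and not adLDAP code). The environment variable names and the sample entries are assumptions made for illustration; the naming-context attribute is requested under its schema name, nCName.

```php
<?php
// Added example. AD_LDAP_URI, AD_BIND_USER and AD_BIND_PASS are hypothetical
// environment variables; the sample entries further down are constructed.

// Map ldap_get_entries() output (lowercased attribute names, 'count' keys)
// to [NetBIOS name => ['dn' => nCName, 'dns' => dnsRoot]].
function forestDomains(array $entries): array {
    $domains = [];
    for ($i = 0; $i < ($entries['count'] ?? 0); $i++) {
        $e = $entries[$i];
        $domains[$e['netbiosname'][0]] = [
            'dn'  => $e['ncname'][0],          // LDAP form, e.g. DC=example,DC=com
            'dns' => $e['dnsroot'][0] ?? null, // DNS form, e.g. example.com
        ];
    }
    ksort($domains);
    return $domains;
}

// Run the Partitions search from the answer against a live directory.
function queryPartitions(string $uri, string $user, string $pass): array {
    $ldap = ldap_connect($uri);                // prefer ldaps:// so the bind is encrypted
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ldap, $user, $pass)) {
        throw new RuntimeException('bind failed: ' . ldap_error($ldap));
    }
    // The rootDSE names the configuration partition, so no base DN is hard-coded.
    $rd  = @ldap_read($ldap, '', '(objectClass=*)', ['configurationNamingContext']);
    $cfg = $rd ? (ldap_get_entries($ldap, $rd)[0]['configurationnamingcontext'][0] ?? null) : null;
    $res = $cfg ? @ldap_search($ldap, "CN=Partitions,$cfg", '(nETBIOSName=*)', ['nETBIOSName', 'nCName', 'dnsRoot']) : false;
    if (!$res) {
        throw new RuntimeException('search failed: ' . ldap_error($ldap));
    }
    return ldap_get_entries($ldap, $res);
}

// Constructed sample in ldap_get_entries() shape, used when AD_LDAP_URI is unset.
$sample = ['count' => 2,
    ['netbiosname' => ['count' => 1, 'EXAMPLE'], 'ncname' => ['count' => 1, 'DC=example,DC=com'],
     'dnsroot' => ['count' => 1, 'example.com']],
    ['netbiosname' => ['count' => 1, 'CHILD'], 'ncname' => ['count' => 1, 'DC=child,DC=example,DC=com'],
     'dnsroot' => ['count' => 1, 'child.example.com']],
];
$uri = getenv('AD_LDAP_URI');
$entries = $uri
    ? queryPartitions($uri, (string) getenv('AD_BIND_USER'), (string) getenv('AD_BIND_PASS'))
    : $sample;
print_r(forestDomains($entries));
```

Each returned DN can then serve as the base_dn for a per-domain lookup, subject to the trust restrictions the answer mentions.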