RE: Active Directory user enumeration

The default behavior was changed in 2003. 2000 generally allowed
anonymous connections and then the results were based on the individual
objects' permissions. By default, anonymous LDAP operations, except
rootDSE searches and binds, are not permitted on Windows 2003 domain
controllers, any other query will result in domain controller requesting
authenticated bind to LDAP.

Anonymous LDAP operations to Active Directory are disabled on Windows
Server 2003 domain controllers:


-----Original Message-----
From: Sam Evans [mailto:wintrmte@xxxxxxxxx]
Sent: Thursday, January 26, 2006 9:50 PM
To: ilaiy
Cc: Frederic Charpentier; pen-test@xxxxxxxxxxxxxxxxx; Uno Mille
Subject: Re: Active Directory user enumeration

I'm not sure there is a way to enumerate AD through LDAP without
having to authenticate first. I have not tried it, but I am guessing
that Anonymous Bind is turned off by default (man, now I'm kinda
paranoid, I'll have to check!)


On 1/26/06, ilaiy <ilaiy.e@xxxxxxxxx> wrote:
> Try this one for linux
> ./thanks
> ilaiy
> On 1/24/06, Frederic Charpentier <fcharpen@xxxxxxxxxxxxxxxx> wrote:
> > you can try the Softerra LDAP browser if the server allows anonymous
> > read access (which is often the case).
> >
> >
> >
> > Fred
> >
> > Uno Mille wrote:
> > > Hello,
> > > I need to perform a pentest on an 2003 Active Directory
environment and I
> > > could not find a way to anonymously enumerate users, password
policy and etc
> > > as we normally do in a NT environment.
> > > Any way of doing it through LDAP without any authentication ?
> > > Regards,
> > > Uno

Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

Relevant Pages

  • php ldap & sso
    ... i'd like to protect some parts of a website, using ldap to athenticate ... their individual rights on my website. ... store the whole userinformation in a session / a cookie? ...
  • Re: ASP.NET and LDAP Connection
    ... I am getting the LDAP users to ... it was not loading the website. ... environment using the same LDAP connection and SQL database with the ...
  • Re: ldap value for user id
    ... for csvde ... You can view the ldap names either on the website or via ... > to know what the ldap value is for the user accts user id or the login id. ...
  • Re: cron stops silently
    ... On Friday 27 May 2005 08:05, Dean Strik wrote: ... > LDAP here? ... See also the PR (hasn't appeared on the website when I type ... > this btw). ...
  • Exchange 5.5 - modifying smtp addresses via VBscript
    ... I need to write a VBscript to enumerate all the users on an Exchange ... machine and remove/change the smtp addresses for a number of them ... but unfortunately I cannot get this to work (nor even simple LDAP ... operations error has occured". ...