18.4. Programming with Perl


You want to programmatically access Active Directory using Perl.


There are two options for accessing Active Directory with Perl. You can use the Net::LDAP modules, which are cross-platform and use the LDAP protocol, or you can use the Win32::OLE module, which gives you access to ADSI and must be run on a Windows machine. Both modules can be downloaded from the Comprehensive Perl Archive Network (CPAN) web site, http://www.cpan.org/.

The following example shows how to use the Net::LDAP modules to query the RootDSE:


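use strict;
use Net::LDAP;

# Domain controller to query; defaults to 'dc1' when no argument is given
my $ldap_server = $ARGV[0] || 'dc1';
my $ldapobj = Net::LDAP->new($ldap_server) or die "Could not connect: $@";

# A base-scope search on the empty DN returns the RootDSE
my $rootdse = $ldapobj->search(
                    base   => '',
                    filter => '(objectclass=*)',
                    scope  => 'base',
);
die $rootdse->error if $rootdse->code;

# Print every attribute and each of its values
foreach my $entry ($rootdse->entries) {
   foreach my $attr (sort $entry->attributes) {
      foreach ($entry->get_value($attr)) {
         print "$attr: $_\n";
      }
   }
}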

This next example uses the Win32::OLE module and ADSI to display the attributes of the RootDSE:

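use strict;
use Win32::OLE 'in';

my $rootdse = Win32::OLE->GetObject("LDAP://RootDSE")
    or die "Could not bind to RootDSE: " . Win32::OLE->LastError;
# Load the property cache so that PropertyCount and Item are populated
$rootdse->GetInfo;
for my $i ( 0 .. $rootdse->PropertyCount - 1) {
    my $prop = $rootdse->Item($i);
    print $prop->Name,"\n";
    foreach my $val (in $prop->Values) {
       print "  ",$val->CaseIgnoreString,"\n";
    }
}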

It is worth noting that with Net::LDAP, you generally need to bind to the target domain controller before performing a search or any ...
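
The bind step mentioned above, as an added example that is not from the original text: it upgrades the connection with StartTLS, performs an authenticated bind, and then searches the domain. The environment variable names AD_CA_FILE, AD_BIND_USER and AD_BIND_PASS are assumptions made for this example.

```perl
use strict;
use warnings;
use Net::LDAP;

# Assumed inputs (not from the original page): the CA bundle path and the
# bind credentials come from environment variables with hypothetical names.
my $ldap_server = $ARGV[0] || 'dc1';
my $ca_file     = $ENV{AD_CA_FILE}   or die "Set AD_CA_FILE\n";
my $bind_user   = $ENV{AD_BIND_USER} or die "Set AD_BIND_USER (DN or user\@domain)\n";
my $bind_pass   = $ENV{AD_BIND_PASS};
# A simple bind with an empty password is an unauthenticated bind (RFC 4513)
# that a server may accept, so refuse to send one.
die "Set AD_BIND_PASS\n" unless defined $bind_pass && length $bind_pass;

my $ldap = Net::LDAP->new($ldap_server, timeout => 10)
    or die "Could not connect: $@";

# Upgrade to TLS and validate the DC certificate chain before sending
# credentials; a simple bind on a plain connection exposes the password.
my $tls = $ldap->start_tls(verify => 'require', cafile => $ca_file);
die 'StartTLS failed: ' . $tls->error if $tls->code;

my $bind = $ldap->bind($bind_user, password => $bind_pass);
die 'Bind failed: ' . $bind->error if $bind->code;

# The RootDSE names the domain naming context to use as the search base.
my $rootdse = $ldap->root_dse(attrs => ['defaultNamingContext'])
    or die "Could not read RootDSE\n";
my $base = $rootdse->get_value('defaultNamingContext');

# Authenticated search: list a few user objects under the domain root.
my $res = $ldap->search(
    base      => $base,
    scope     => 'sub',
    filter    => '(&(objectCategory=person)(objectClass=user))',
    attrs     => ['sAMAccountName'],
    sizelimit => 5,
);
# Result code 4 (size limit exceeded) still returns the entries read so far.
die 'Search failed: ' . $res->error if $res->code && $res->code != 4;

foreach my $entry ($res->entries) {
    print $entry->get_value('sAMAccountName'), "\n";
}

$ldap->unbind;
```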

