18.4. Programming with Perl


You want to programmatically access Active Directory using Perl.


There are two options for accessing Active Directory with Perl. You can use the Net::LDAP modules, which are cross-platform and use the LDAP protocol, or you can use the Win32::OLE module, which gives you access to ADSI and must be run on a Windows machine. Both modules can be downloaded from the Comprehensive Perl Archive Network (CPAN) web site, http://www.cpan.org/.

The following example shows how to use the Net::LDAP modules to query the RootDSE:


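use strict;
use Net::LDAP;

# Domain controller to query; defaults to 'dc1' when no argument is given
my $ldap_server  = $ARGV[0] || 'dc1';
my $ldapobj = Net::LDAP->new($ldap_server) or die "Could not connect: $@";

# The RootDSE is read with an empty base DN and a base-scope search
my $rootdse = $ldapobj->search(
                    base   => '',
                    filter => '(objectclass=*)',
                    scope  => 'base',
);
die $rootdse->error if $rootdse->code;

# Print every value of every attribute, sorted by attribute name
foreach my $entry ($rootdse->entries) {
   foreach my $attr (sort $entry->attributes) {
      foreach ($entry->get_value($attr)) {
         print "$attr: $_\n";
      }
   }
}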

This next example uses the Win32::OLE module and ADSI to display the attributes of the RootDSE:

use strict;
use Win32::OLE 'in';

my $rootdse = Win32::OLE->GetObject("LDAP://RootDSE");
# Load the property cache; PropertyCount is 0 until GetInfo has been called
$rootdse->GetInfo;
for my $i ( 0 .. $rootdse->PropertyCount - 1) {
    my $prop = $rootdse->Item($i);
    print $prop->Name,"\n";
    foreach my $val (in $prop->Values) {
       print "  ",$val->CaseIgnoreString,"\n";
    }
}

It is worth noting that with Net::LDAP, you generally need to bind to the target domain controller before performing a search or any ...
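An added example, not from the book, showing one way to bind before searching with Net::LDAP: it upgrades the connection with StartTLS and verifies the domain controller's certificate before sending credentials, reads defaultNamingContext from the RootDSE, and escapes the search value. The environment variable names (AD_BIND_USER, AD_BIND_PASS, AD_CA_FILE), the default account name, and StartTLS being available on the domain controller are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed inputs: DC host and account name on the command line; bind identity
# and CA certificate path from hypothetical environment variables.
my $server  = $ARGV[0] || 'dc1';
my $account = $ARGV[1] || 'Administrator';
my $user    = $ENV{AD_BIND_USER} // '';
my $pass    = $ENV{AD_BIND_PASS} // '';
my $cafile  = $ENV{AD_CA_FILE}   // '';
die "Set AD_BIND_USER (e.g. user\@example.com)\n" unless length $user;
# An empty password would make the simple bind succeed as anonymous.
die "Set AD_BIND_PASS to a non-empty password\n"  unless length $pass;
die "Set AD_CA_FILE to the issuing CA certificate (PEM)\n" unless -r $cafile;

my $ldap = Net::LDAP->new($server, timeout => 10)
    or die "Could not connect: $@";

# Upgrade to TLS and verify the DC certificate before any credentials are
# sent; a simple bind over plain LDAP exposes the password on the wire.
my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
die "StartTLS failed: ", $mesg->error, "\n" if $mesg->code;

$mesg = $ldap->bind($user, password => $pass);
die "Bind failed: ", $mesg->error, "\n" if $mesg->code;

# Discover the domain naming context from the RootDSE instead of hard-coding it.
my $dse = $ldap->root_dse(attrs => ['defaultNamingContext'])
    or die "Could not read RootDSE\n";
my $base = $dse->get_value('defaultNamingContext')
    or die "RootDSE did not return defaultNamingContext\n";

# Escape the caller-supplied value so it cannot change the filter's structure.
my $filter = '(&(objectCategory=person)(sAMAccountName='
           . escape_filter_value($account) . '))';
$mesg = $ldap->search(base => $base, scope => 'sub', filter => $filter,
                      attrs => ['distinguishedName', 'whenChanged']);
die "Search failed: ", $mesg->error, "\n" if $mesg->code;

foreach my $entry ($mesg->entries) {
    foreach my $attr (sort $entry->attributes) {
        print "$attr: $_\n" for $entry->get_value($attr);
    }
}
$ldap->unbind;
```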
