How to get Active Directory domain objectGUID anonymously

As an authenticated Active Directory user, I can run this to get the domain GUID (objectGUID):

dsquery * "DC=lab,DC=local" -scope base -attr objectguid

I can use this command in Linux to get the domain (lab.local) SID from the domain controller labdc01 without an account (anonymously):

# rpcclient -U% labdc01.lab.local -c lsaquery
Domain Name: LAB 
Domain Sid: S-1-5-21-3869872838-1836277878-698564084

If I know the GUID, I can fetch it from DNS:

_ldap._tcp.4f904480-7c78-11cf-b057-00aa006b4f8f.domains._msdcs.lab.local.

How can I get the domain objectGUID anonymously (like the SID example above)?


Solution 1:

By default:

You can't

With Active Directory, for any anonymous LDAP operation (apart from RootDSE binds) to succeed, you would need to:

  1. Enable anonymous binds
  2. Allow Anonymous access to public properties
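
To audit whether a directory has drifted from that default, the following added example (not part of the original answer) checks both conditions against exported values. It assumes step 1 corresponds to the `dsHeuristics` attribute on `CN=Directory Service,CN=Windows NT,CN=Services` in the configuration partition, where a seventh character of `2` permits anonymous LDAP operations; the `Ace` tuple is a hypothetical export format and all sample values are constructed.

```python
from typing import Iterable, List, NamedTuple, Optional

ANONYMOUS_LOGON_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON
READ_RIGHTS = frozenset({"ReadProperty", "GenericRead", "GenericAll"})


class Ace(NamedTuple):
    """One ACE from an exported ACL (hypothetical format, not an AD API)."""
    trustee_sid: str
    ace_type: str          # "Allow" or "Deny"
    rights: frozenset      # names of the rights granted or denied


def anon_ops_enabled(ds_heuristics: Optional[str]) -> bool:
    """Step 1: True only when the 7th character of dsHeuristics is '2'.

    An unset or shorter value keeps the default, which blocks anonymous
    LDAP operations other than rootDSE reads.
    """
    return bool(ds_heuristics) and len(ds_heuristics) >= 7 and ds_heuristics[6] == "2"


def anon_read_aces(aces: Iterable[Ace]) -> List[Ace]:
    """Step 2: Allow ACEs that give ANONYMOUS LOGON a read right.

    Deny precedence and group membership are not evaluated here.
    """
    return [a for a in aces
            if a.trustee_sid == ANONYMOUS_LOGON_SID
            and a.ace_type == "Allow"
            and a.rights & READ_RIGHTS]


def assess(ds_heuristics: Optional[str], aces: Iterable[Ace]) -> str:
    """Combine both conditions; anonymous reads need both to hold."""
    step1 = anon_ops_enabled(ds_heuristics)
    step2 = bool(anon_read_aces(aces))
    if step1 and step2:
        return "EXPOSED"
    if step1 or step2:
        return "PARTIAL"
    return "DEFAULT"


# Constructed sample ACL for the domain head DC=lab,DC=local.
SAMPLE_ACL = [
    Ace("S-1-5-11", "Allow", frozenset({"GenericRead"})),    # Authenticated Users
    Ace("S-1-5-7", "Allow", frozenset({"ReadProperty"})),    # ANONYMOUS LOGON
]

if __name__ == "__main__":
    for value in (None, "0000000", "0000002"):
        print(repr(value), assess(value, SAMPLE_ACL))
```

A `PARTIAL` result means one of the two settings has been changed while the other still blocks anonymous reads, which is worth reverting before the second change is made.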