{"id":4608,"library":"ldapdomaindump","title":"ldapdomaindump","description":"ldapdomaindump is a Python tool designed for Active Directory information dumping via LDAP. It collects and parses information from an Active Directory domain, outputting it in human-readable HTML, as well as machine-readable JSON and greppable formats. The current version is 0.10.0. Release cadence appears sporadic but the project is actively maintained.","status":"active","version":"0.10.0","language":"en","source_language":"en","source_url":"https://github.com/dirkjanm/ldapdomaindump/","tags":["Active Directory","LDAP","security","penetration testing","reconnaissance","red teaming"],"install":[{"cmd":"pip install ldapdomaindump","lang":"bash","label":"Install via pip"}],"dependencies":[{"reason":"Required for LDAP communication. Specific versions 2.5.0, 2.5.2, and 2.6 are excluded due to known issues.","package":"ldap3","optional":false},{"reason":"Required for DNS queries and hostname resolution.","package":"dnspython","optional":false},{"reason":"Requires Python 3.6 or greater.","package":"Python","optional":false}],"imports":[{"note":"ldapdomaindump is primarily a command-line tool. Its core functionality is executed via the `ldapdomaindump` script installed to the PATH. Programmatic use would involve calling `ldapdomaindump.main`.","symbol":"ldapdomaindump","correct":"ldapdomaindump -u 'DOMAIN\\username' -p 'password' hostname"},{"note":"Utility to convert ldapdomaindump JSON output to BloodHound CSV format. Executed via a command-line script.","symbol":"ldd2bloodhound","correct":"ldd2bloodhound -i <ldapdomaindump_output_dir> -o <bloodhound_output_dir>"},{"note":"Utility to convert ldapdomaindump JSON output to a more readable enum4linux-like output. Executed via a command-line script.","symbol":"ldd2pretty","correct":"ldd2pretty -d <ldapdomaindump_output_dir>"}],"quickstart":{"code":"import os\nimport subprocess\n\nLDAP_HOSTNAME = os.environ.get('LDAP_HOSTNAME', 'your_domain_controller.local')\nLDAP_USERNAME = os.environ.get('LDAP_USERNAME', 'domain\\\\user') # Use double backslash for literal backslash\nLDAP_PASSWORD = os.environ.get('LDAP_PASSWORD', 'YourPasswordHere')\nOUTPUT_DIR = \"./ldap_dump_output\"\n\n# Ensure output directory exists\nos.makedirs(OUTPUT_DIR, exist_ok=True)\n\ntry:\n    print(f\"[*] Attempting to dump AD information from {LDAP_HOSTNAME}...\")\n    command = [\n        \"ldapdomaindump\",\n        \"-u\", LDAP_USERNAME,\n        \"-p\", LDAP_PASSWORD,\n        \"-o\", OUTPUT_DIR,\n        LDAP_HOSTNAME\n    ]\n    \n    result = subprocess.run(command, capture_output=True, text=True, check=True)\n    print(\"[+] Command output:\")\n    print(result.stdout)\n    if result.stderr:\n        print(\"[!] Command error output:\")\n        print(result.stderr)\n    print(f\"[+] Active Directory dump saved to: {OUTPUT_DIR}\")\n    print(\"[+] Generated files: domain_users.html, domain_computers.json, etc.\")\nexcept subprocess.CalledProcessError as e:\n    print(f\"[X] Error during ldapdomaindump execution: {e}\")\n    print(f\"[X] Stderr: {e.stderr}\")\n    print(f\"[X] Stdout: {e.stdout}\")\nexcept FileNotFoundError:\n    print(\"[X] Error: 'ldapdomaindump' command not found. Ensure the tool is installed and in your PATH.\")\nexcept Exception as e:\n    print(f\"[X] An unexpected error occurred: {e}\")\n","lang":"python","description":"This quickstart demonstrates how to run `ldapdomaindump` from Python as a command-line tool to dump Active Directory information. It uses environment variables for sensitive credentials and specifies an output directory. The primary output files will be in HTML, JSON, and greppable formats."},"warnings":[{"fix":"Run `ldapdomaindump` with the `--minimal` flag: `ldapdomaindump --minimal -u user -p pass hostname`.","message":"For large Active Directory networks, dumping all default attributes can consume significant memory. Use the `--minimal` switch to reduce memory usage by querying only essential attributes.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure you are running `ldapdomaindump` with Python 3.6+.","message":"Older versions (prior to v0.9.0) might have had limited Python 2 compatibility, but current versions (>=0.9.0, and specifically >=0.10.0) officially require Python 3.6 or greater. Running on Python 2 will result in errors.","severity":"breaking","affected_versions":"<0.9.0 (compatibility); All versions (if used with Python 2)"},{"fix":"Provide valid domain credentials with appropriate permissions using the `-u` and `-p` flags. Ensure username format is correct (e.g., `DOMAIN\\user`).","message":"ldapdomaindump requires valid LDAP bind credentials (username and password or NTLM hash) to perform queries. Anonymous binds typically yield very limited information. The username usually needs to be in `DOMAIN\\username` format.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure `ldap3` is not one of the explicitly excluded versions. `pip install --upgrade ldap3` will generally install a compatible version, or `pip install 'ldap3>=2.5,!=2.5.0,!=2.5.2,!=2.6'`.","message":"The `pyproject.toml` explicitly excludes `ldap3` versions `2.5.0`, `2.5.2`, and `2.6`. Using these specific `ldap3` versions may lead to unexpected errors or silent failures.","severity":"breaking","affected_versions":"All versions"},{"fix":"If using `ldd2bloodhound`, ensure your BloodHound version is 4.0 or below. A workaround might involve importing with an older BloodHound version and then opening with a newer one. Verify compatibility before critical use.","message":"The `ldd2bloodhound` utility, used for converting `ldapdomaindump` output to BloodHound compatible CSVs, is noted to only work reliably with BloodHound versions 4.0 and below. Newer BloodHound versions may require workarounds or fail to import correctly.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always check the output directory for generated files and review the console for any warnings or errors after execution. If no files are generated or output is unexpectedly sparse, investigate connection or permission issues.","message":"Historical issues have been reported where `ldapdomaindump` could fail silently due to uncaught exceptions, leading to incomplete or non-existent dumps without clear error messages. While some issues may have been resolved, it's prudent to always verify the output.","severity":"gotcha","affected_versions":"Potentially all versions, but more prevalent in older versions"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}