An LDAP based Active Directory user and group enumeration tool
ad-ldap-enum is a Python script developed to discover users and their group memberships from Active Directory. In large Active Directory environments, tools such as NBTEnum were not performing fast enough. By executing LDAP queries against a domain controller, ad-ldap-enum can target specific Active Directory attributes and build out group membership quickly.
ad-ldap-enum outputs three tab-delimited files 'Domain Group Membership.tsv', 'Extended Domain User Information.tsv', and 'Extended Domain Computer Information.tsv'. The first file contains users, computers, groups, and their memberships. The second file contains users and extra information about the users from Active Directory (e.g., a user's home folder or email address). The third file contains devices in the Domain Computers group and extra information about them from Active Directory (e.g., operating system type and service pack version).
ad-ldap-enum supports both authenticated and unauthenticated LDAP connections. Additionally, ad-ldap-enum can process nested groups and display a user's actual group membership.
Source code and additional information may be found here: https://github.com/CroweCybersecurity/ad-ldap-enum