Using Auth.php which everyone should have, authenticating with Active Directory is pretty simple. I’ve tried this on an OpenLDAP directory and AD.

I really like this tool, redirect the output to a file and it should dump the whole tree in seconds. All I was really interested in was the dn, cn, mail, and displayName, but I found I was able to see much more.

Find computers and their description from the AD, Use LDP to search for tombstoned objects in AD, Show all replicated attributes in the AD Schema, Show an AD schema attribute, Find a list of CNs in the directory and return their homeDirectory, Identify the DN of an Active Directory group, Query a user from AD using WMI, etc.

There’s a .dll in the Windows 2k3 Resource Kit named “Acctinfo.dll” that’s not registered by default. If you copy this .dll to a machine where you browse AD with Active Directory Users and Computers snapin, and register it, you’ll start seeing several additional attributes that were not queried before like password expiration date, SID, GUID, etc.