Because I keep ending up looking at my old scripts to refresh myself on how to do this by hand, here’s the recipe for querying AD with ldapsearch.

Find AD controllers from DNS

If your domain is WINDOWS.DOMAIN.TLD, look up the _ldap._tcp.dc._msdcs SRV record under that domain to find the domain controllers:

dig -t SRV _ldap._tcp.dc._msdcs.windows.domain.tld

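Once you have a domain controller to search, use this recipe to search AD, replacing the bind user (user@WINDOWS.DOMAIN.TLD), search base (dc=windows,dc=domain,dc=tld), host (ldap://host_or_ip/) and query (cn=my_server_hostname) with the appropriate values. Here -x selects a simple bind and -W prompts for the password, so over plain ldap:// that password crosses the network unencrypted; use an ldaps:// URL or StartTLS where the domain controller has a certificate.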

ldapsearch -x -W -D user@WINDOWS.DOMAIN.TLD -b dc=windows,dc=domain,dc=tld -H ldap://host_or_ip/ cn=my_server_hostname
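
The two steps above chained together, as an added example that is not part of the original recipe: it parses SRV answers, picks a controller, derives the search base from the domain name and prints the resulting ldapsearch command. The function names and the sample SRV answers are constructed for illustration, and the added -ZZ (require StartTLS) assumes the domain controller presents a certificate the client trusts.

```shell
#!/bin/sh
# Added example: chain the DNS lookup and the ldapsearch recipe, offline.

# Constructed sample of the answers printed by
#   dig +short -t SRV _ldap._tcp.dc._msdcs.windows.domain.tld
# Columns: priority weight port target.
SAMPLE_SRV='10 100 389 dc2.windows.domain.tld.
0 100 389 dc1.windows.domain.tld.
0 50 389 dc3.windows.domain.tld.'

# Pick one controller: lowest priority first, then highest weight (a
# deterministic simplification of RFC 2782's weighted random selection).
# Prints ldap://host:port/ with the trailing DNS dot removed.
pick_dc_url() {
    printf '%s\n' "$1" |
        awk 'NF == 4 { sub(/\.$/, "", $4); print $1, $2, $3, $4 }' |
        sort -k1,1n -k2,2nr |
        awk 'NR == 1 { printf "ldap://%s:%s/\n", $4, $3 }'
}

# windows.domain.tld -> dc=windows,dc=domain,dc=tld
domain_to_base() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++)
            printf "%sdc=%s", (i > 1 ? "," : ""), tolower($i)
        print ""
    }'
}

# Assemble the page's command. Assumption: -ZZ (require StartTLS) is added so
# the -x simple bind password is not sent in clear; the DC needs a certificate
# the client trusts.
build_ldapsearch() {   # args: domain bind_user filter srv_answers
    printf 'ldapsearch -x -ZZ -W -D %s -b %s -H %s %s\n' \
        "$2" "$(domain_to_base "$1")" "$(pick_dc_url "$4")" "$3"
}

# Prints the command for review instead of running it.
build_ldapsearch WINDOWS.DOMAIN.TLD user@WINDOWS.DOMAIN.TLD \
    cn=my_server_hostname "$SAMPLE_SRV"
```

For live use, pass the output of the dig command shown in the comment as the fourth argument in place of the sample.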