#!/usr/bin/env bash# Author: m8r0wn# Description: Uses the Linux net commands

1. #!/usr/bin/env bash
2.  
3. # Author: m8r0wn
4. # Description: Uses the Linux net commands to lookup a user in Active Directory
5. # This is the Linux equivalent of: net user [Username] /domain
6. # Usage: ./aduser_lookup.sh [username] [password] [DC-Server] [Lookup-User]
7.  
8. if [ ! $1 ];
9. then
10. printf "[-] Usage: $0 Username Password DC_Server username_to_lookup\n"
11. exit 0
12. fi
13.  
14. #Get info about single user in AD
15. printf "\nAD User Lookup:\n"
16. printf '%s\n' '-----------------------'
17. printf "user edit fullname '$4'"| net rpc shell -U "$1"%"$2" -S $3|tail -n +2
18. printf "user edit homedir '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2
19. printf "user edit homedrive '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2
20. printf "user edit logonscript '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2
21. printf "user edit profilepath '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2
22. printf "user edit description '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2
23. printf "user edit disabled '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2
24.  
25. output="$(printf "user edit autolock '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2)"
26. printf "${output} (Currently locked out)\n"
27.  
28. #find users with password not set to change or no expiration
29. output="$(printf "user edit pwnotreq '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2)"
30. printf "${output} (Password not required)\n"
31.  
32. output="$(printf "user edit pwnoexp '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2)"
33. printf "${output} (Password never expire?)\n"
34.  
35. printf "\nGroup Memberships:\n"
36. printf '%s\n' '-----------------------'
37. printf "user info '$4'" | net rpc shell -U "$1"%"$2" -S $3|tail -n +2
38. printf "\n"