Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

[HOWTO] Query the "Description" field for a computer in Active Directory

Authentication Service ,  

24 September,20 at 04:43 PM

Some Active Directory fields are not returned by the simple use of the popular Centrify "adquery" command. In this article we explore other ways to query that information from a Linux/UNIX system that is joined to Active Directory using the Centrify ADEDIT tool and the Centrify ldapsearch utility. This is a good way to query fields that are not returned by the popular "adquery" command.

There are two ways to do this:

Option 1:
Using the ADEDIT tool.

In the is example, we are trying to see the content of the "Description" field for an object in Active Directory.
Linux system named "" has its "Description" field populated in Active Directory, we will use the ADEDIT utility to view the content in this "Description" field. In this example, the name of my Active Directory Domain is:


1) Log onto a Linux system that is joined to the Active Directory Domain.
2) Type "adedit" to get into the adedit shell prompt.
3)  Proceed to bind to the Active Directory Domain using the "bind" command along with the Active Directory username that has permissions to read/view the information trying to be seen. In this example, the username used is ""

bind ActiveDirectoryDomainName UserName
bind Administrator


4) Run the following command to select the system name

select_object "Insert the systems Distinguished Name here in quotes"
You may get the Computers Distinguished Name by running the command:
adquery user -A hostname$


5) Run the query below to return the "Description" field for the system:
get_object_field description


Option 2:

Querying for that information using the "ldapsearch" utility.

Use the query similar to the one below:

 /usr/share/centrifydc/bin/ldapsearch -m -H ldap:// -b "dc=ocean,dc=net" "(&(objectclass=User)(name=CENTOS7))" description


Note: As long as the field being queried does exist in Active Directory, and the user queryig the filed has read permissions on the Active Directory object, this process is smooth