search cancel

Test connectivity between an Active Directory server and Messaging Gateway using ldapsearch


Article ID: 177138


Updated On:


Messaging Gateway


You need to test connectivity between Symantec Messaging Gateway (SMG) and an Active Directory server.


Use the CLI command "ldapsearch" to perform queries from Messaging Gateway to ensure that communication is working.

To test connectivity using ldapsearch on an Active Directory server:

  1. Use a Secure Shell (SSH) client to connect to the Messaging Gateway appliance.
  2. Log in as admin.
  3. At the command prompt, type the following command:

    ldapsearch -x -b "dc=<Domain>,dc=<TLD>" -D "<[email protected]>" -h <AD IP> -W '<search query filter>'

    Substitute the variable information with the data found in the Control Center (on the Settings tab) for Edit LDAP Server:
    Domain Domain name as it appears in the Query start (Auth base DN:) box
    TLD Top-level domain as it appears in the Query start (Auth base DN:) box
    [email protected] Active Directory user login information as it appears in the Name (bind DN: ) box
    AD IP Active Directory server IP address as it appears in the Host box.
    search query filter Filter used to retrieve entries
  4. Type the Active Directory user login password when prompted.
    A block of Active Directory information is returned.

Search examples for an Active Directory server

To search for all user accounts minus disabled accounts:

ldapsearch -x -b "dc=example,dc=com" -D "[email protected]" -h -W '(&(proxyAddresses=smtp*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

To test a search that will not return any results for LDAP groups:

ldapsearch -x -b "dc=example,dc=com" -D "[email protected]" -h -W '(&(syncToSBG=true)(!(proxyAddresses=smtp*)))'

Note: The object syncToSBG=true will not exist in the LDAP source, and this will force the search to not find any results.

To search for all user accounts:

ldapsearch -x -b "dc=example,dc=com" -D "[email protected]" -h -W '(&(|(mail=*)(proxyAddresses=*))(sAMAccountName=*))'

Technical information

The ldapsearch utility is part of OpenLDAP. For more information, see