Linux: Find max uidNumber on LDAP

Whenever you add a new user you must make sure its uidNumber is unique. With many users it can take a while to find the highest uidNumber currently assigned, so run the following to get it (the search base and bind DN are placeholders for your directory; sort -n is required because a plain sort compares the numbers as strings and would rank 8000 above 53010):

ldapsearch -x -LLL -H ldaps://your-ldap-domain -D "cn=Manager,dc=domain,dc=com" -W -b "dc=domain,dc=com" '(uidNumber=*)' uidNumber | awk '/^uidNumber: / {print $2}' | sort -n | tail -n 1
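As an added example (not part of the original post), the same pipeline written as shell functions that run against a constructed LDIF sample instead of a live directory. The values 8000 and 53010 are chosen so the unsorted-numerically version picks the wrong entry; next_uid and dup_uids are hypothetical helpers that compute the value to give a new account and check for duplicates. In real use, replace the printf with the ldapsearch command above. The parsing assumes unfolded LDIF with a plain (non-base64) uidNumber attribute.

```shell
# Constructed sample LDIF, standing in for ldapsearch -LLL output.
# 8000 sorts above 53010 when compared as strings, which is the bug.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=example,dc=com
uidNumber: 8000

dn: uid=bob,ou=People,dc=example,dc=com
uidNumber: 53010

dn: uid=carol,ou=People,dc=example,dc=com
uidNumber: 10004
'

# Print every uidNumber value found on stdin, one per line.
uid_values() {
  awk '$1 == "uidNumber:" { print $2 }'
}

# Highest uidNumber, compared numerically (sort -n).
max_uid() {
  uid_values | sort -n | tail -n 1
}

# The original pipeline without -n, kept only to show the failure mode.
max_uid_wrong() {
  uid_values | sort | tail -n 1
}

# Hypothetical helper: value to assign to the next account (max + 1),
# never below a floor (default 1000) so local /etc/passwd ranges are skipped.
next_uid() {
  floor="${1:-1000}"
  max="$(max_uid)"
  if [ -z "$max" ] || [ "$max" -lt "$floor" ]; then
    echo "$floor"
  else
    echo $((max + 1))
  fi
}

# Hypothetical helper: print any uidNumber assigned more than once.
# Empty output means the directory has no duplicate uids.
dup_uids() {
  uid_values | sort -n | uniq -d
}

printf '%s' "$SAMPLE_LDIF" | max_uid        # 53010
printf '%s' "$SAMPLE_LDIF" | max_uid_wrong  # 8000, the wrong answer
printf '%s' "$SAMPLE_LDIF" | next_uid       # 53011
printf '%s' "$SAMPLE_LDIF" | dup_uids       # prints nothing
```

Run dup_uids before handing out next_uid: if it prints anything, two accounts already share a uid and the "max + 1" rule alone will not repair that.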
  • TheGr8ragoo

    If you are using the UNIX subsystem for MS Active Directory you have to use powershell to query ldap properties and input to a variable

    $NIS = Get-ADObject "cn=contoso,cn=ypservers,cn=ypServ30,cn=rpcservices,cn=system,dc=contoso,dc=com" -Properties *

    The properties of the above query include all LDAP properties, including a field named msSFU30MaxUidNumber. You can call the raw value (no formatting, no field name) by using $NIS.msSFU30MaxUidNumber.

    If you are scripting AD accounts in a hybrid Mac/Linux/Windows environment you need to use the max uid to enable UNIX network user accounts based off of AD (as the account single source of truth). To ensure no duplicates, add a counter to your PowerShell script so each new account increases the value by 1.

  • Harald Oest

    One should add the "-n" option to the sort command, otherwise the uidNumbers are sorted alphanumerically, which considers e.g. 8000 higher than 53010.