Querying Active Directory from Solaris

$ ldapsearch -h ad.example.com -p 389 -b 'dc=ad,dc=example,dc=com' \
-D 'AD\gtoft' -w 'secret' '(sAMAccountName=gtoft)' \
displayName sAMAccountName uidNumber gidNumber unixHomeDirectory loginShell memberOf
dn: CN=George Toft,OU=People,DC=ad,DC=example,DC=com displayName: George Toft memberOf: CN=ACCESS-GROUP-A,OU=UNIX,DC=ad,DC=example,DC=com memberOf: CN=adusers,OU=UNIX,DC=ad,DC=example,DC=com memberOf: CN=Unix-TIER2-Users,OU=UNIX,DC=ad,DC=example,DC=com memberOf: CN=Unix-TIER1-Users,OU=UNIX,DC=ad,DC=example,DC=com memberOf: CN=PBIS Admins,DC=ad,DC=example,DC=com sAMAccountName: gtoft uidNumber: 1404609686 gidNumber: 1404612127 unixHomeDirectory: /home/gtoft loginShell: /bin/bash $

If you get this error:

ldap_search: Referral hop limit exceeded
Additional info: 0000202B: RefErr: DSID-031007EF, data 0, 1 access points ref 1: 'ad.example.com'
fix your search base.  Even if ADUC shows ad.example.com, break apart the domain components like this:
DC=ad,DC=example,DC=com