Anonymous access check

we start by checking if we can access ldap information without any creds

ldapsearch -x -H ldap://192.168.214.122 -s base

if we got some output, we can try to enumerate users

ldapsearch -x -H ldap://192.168.214.122 -b "DC=hutch,DC=offsec" "(objectClass=user)" sAMAccountName

to enumerate and extract users with a one liner

ldapsearch -x -H ldap://192.168.214.122 -b "DC=hutch,DC=offsec" -s sub "(&(objectclass=user))"  | grep sAMAccountName: | cut -f2 -d" "