ldapsearch -x -h
-b "OU=Users,OU=Vancouver,DC=Jokers,DC=com" -Duser@joker.com -W
Weirdly, the DN for AD looks like an e-mail address. What can I say? I don't know why this works, but this works. AD does not (by default) allow anonymous browsing, so you must authenticate (-D and -W) to list the info AD is storing.
This command is really useful for troubleshooting AD problems when you are trying to configure an app to authenticate against an AD server and you are not exactly sure of the settings. This utility allows you to quickly test different settings until you find something working.