As long as LDAP is accessible on your Exchange server, you can use that. Here is a small script I wrote to do just that, showing the ldapsearch command it uses internally:

    $ 411 -d -e joe.user
    command is "/usr/bin/ldapsearch -y ${HOME}/.ssh/temp -x -b dc=ACME,dc=com -H ldap://app.corp.company.com:3268 '(mail=joe.user@*)'"
    Joe User 555 329 3485 joe.user@acme.com, NY

A few comments:
- At prior companies, you could do an unauthenticated bind. That was easier.
- You can see I store my password in my .ssh directory temporarily. This is bad in theory.
- you can probably use any LDAP client. I wanted a simple script with no dependencies, so I parse ldapsearch output
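
Added example, not the script from the answer above: a dependency-free Python sketch of the two pieces such a wrapper needs, building the `(mail=...@*)` filter with the user-supplied name escaped per RFC 4515, and parsing `ldapsearch` LDIF output including folded lines and base64 (`::`) values. The function names and the sample output are assumptions constructed for illustration.

```python
import base64

# Constructed sample of `ldapsearch -x` LDIF output (not from the original post).
SAMPLE = """\
# extended LDIF
#
# LDAPv3

dn: CN=Joe User,OU=Users,DC=example,DC=com
cn: Joe User
telephoneNumber: 555 0100
mail: joe.user@example.com
description: a long value that ldapsearch folds on
 to a continuation line
l:: TmV3IFlvcms=

search: 2
result: 0 Success
"""

def build_mail_filter(user):
    """Build '(mail=<user>@*)' with RFC 4515 special characters escaped."""
    esc = ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in user)
    return '(mail=%s@*)' % esc

def parse_ldif(text):
    """Return a list of entries, each a dict of attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(' ') and lines:   # one leading space = folded line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + ['']:
        if not line:                        # blank line ends an entry
            if current and 'dn' in current: # drops the trailing result block
                entries.append(current)
            current = None
            continue
        if line.startswith('#'):            # ldapsearch comment lines
            continue
        name, _, value = line.partition(':')
        if value.startswith(':'):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode('utf-8', 'replace')
        current = current if current is not None else {}
        current.setdefault(name, []).append(value.strip())
    return entries
```

Escaping the name before it reaches the filter keeps input such as `*)(uid=*` from changing what the query matches.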