Finding LDAP/AD Distinguished Names
Posted: Sun Aug 04, 2024 8:52 am
The base Distinguished Name (DN) for a user or a group is their LDAP DN.
You have to know the user's or groups Active Directory name to find their Distinguished Names.
Finding the base DN of a user
Open a Windows command prompt on AD server.
Type the command:
dsquery user -name <known username>
For example:
dsquery user -name "John Doe"
"CN=John Doe,CN=Users,DC=nim,DC=qa,DC=dc,DC=hytrust,DC=com"
Finding the base DN of a group
Open a Windows command prompt on the AD server.
Type the command:
dsquery group -name <known group name>.
For example:
dsquery group -name "KC-USRS"
"CN=KC-USRS,CN=Users,DC=nim,DC=qa,DC=dc,DC=hytrust,DC=com"
Shared From: https://docs.hytrust.com/DataControl/5. ... Names.html
You have to know the user's or groups Active Directory name to find their Distinguished Names.
Finding the base DN of a user
Open a Windows command prompt on AD server.
Type the command:
dsquery user -name <known username>
For example:
dsquery user -name "John Doe"
"CN=John Doe,CN=Users,DC=nim,DC=qa,DC=dc,DC=hytrust,DC=com"
Finding the base DN of a group
Open a Windows command prompt on the AD server.
Type the command:
dsquery group -name <known group name>.
For example:
dsquery group -name "KC-USRS"
"CN=KC-USRS,CN=Users,DC=nim,DC=qa,DC=dc,DC=hytrust,DC=com"
Shared From: https://docs.hytrust.com/DataControl/5. ... Names.html