Difference between revisions of "LDAP Active Directory"

('''Finding the DN (distinguished name) of a user in Active Directory:''')
m (ADSIEDIT.MSC: expired url fix.)
 
(6 intermediate revisions by 5 users not shown)
Line 2: Line 2:
  
  
You may be aksed to define a DN so that a service can bind to it to authenticate a query. Each user in Active Directory has a distinguished name. However, you cannot find it through the ADUC tool.  
+
You may be asked to define a DN so that a service can bind to it to authenticate a query. Each user in Active Directory has a distinguished name. However, you cannot find it through the ADUC tool.  
  
From a command prompt on your domain controller type: ldifde -f c:\export.txt
+
From a command prompt on your domain controller type: '''ldifde -f c:\export.txt'''
  
 
View the export.txt file in Notepad and do a find on the username. For example, you do a find on username zimbrauser. You will see something like this:
 
View the export.txt file in Notepad and do a find on the username. For example, you do a find on username zimbrauser. You will see something like this:
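Review bot: the command bolded on the added line, ldifde -f c:\export.txt, has no search filter, so it writes every object in the domain partition to the root of the domain controller's C: drive just to look up one DN. Consider showing it with a filter such as -r "(sAMAccountName=zimbrauser)" and adding a sentence telling the reader to delete export.txt once the DN has been copied.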
Line 12: Line 12:
  
 
This means that zimbrauser is in the OU called External in your AD forest exonline.intranet.
 
This means that zimbrauser is in the OU called External in your AD forest exonline.intranet.
 +
 +
== Using dsquery ==
 +
 +
From the command prompt you may also use the dsquery utlity.
 +
 +
dsquery user forestroot -samid zimbrauser
 +
 +
Which like the instructions above will return the user dn:
 +
"CN=zimbrauser,OU=External,DC=exonline,DC=intranet"
 +
 +
 +
== ADSIEDIT.MSC ==
 +
One of the free tools available for Windows 2003 is ADSIEdit[https://technet.microsoft.com/en-us/library/cc773354%28v=ws.10%29.aspx]. You can grab this with the tools that come on the CD or through Microsoft. ADSIEdit exposes the raw LDAP-like underbelly of AD, and allows you to see objects and attributes, and run LDAP queries. It will easily allow you to find the full path of any object.
 +
 +
{{Article Footer|unknown|4/21/2006}}
 +
 +
[[Category:LDAP]]
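Review bot: "utlity" in the added line "From the command prompt you may also use the dsquery utlity." should be "utility". The dsquery command and the returned DN on the added lines that follow would also be easier to copy if they were set as preformatted text rather than plain paragraphs, and "Which like the instructions above will return the user dn:" reads better as a complete sentence.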

Latest revision as of 21:26, 22 January 2015

Finding the DN (distinguished name) of a user in Active Directory:

You may be asked to define a DN so that a service can bind to it to authenticate a query. Each user in Active Directory has a distinguished name. However, you cannot find it through the ADUC tool.

From a command prompt on your domain controller type: ldifde -f c:\export.txt

View the export.txt file in Notepad and do a find on the username. For example, you do a find on username zimbrauser. You will see something like this:


CN=zimbrauser,OU=External,DC=exonline,DC=intranet

This means that zimbrauser is in the OU called External in your AD forest exonline.intranet.
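An added example, not part of the original wiki page: a Notepad search can miss a DN that the LDIF export has folded across two lines or written base64-encoded (`dn::`), so this Python code parses the export and looks the DN up by sAMAccountName. The sample records, the `jurgen` and `longname` accounts, and the function names are constructed for illustration.

```python
import base64

# Constructed sample in LDIF layout; not real directory data.
_B64_DN = base64.b64encode(
    "CN=Jürgen,OU=External,DC=exonline,DC=intranet".encode("utf-8")).decode()
SAMPLE_LDIF = f"""\
dn: CN=zimbrauser,OU=External,DC=exonline,DC=intranet
sAMAccountName: zimbrauser

dn:: {_B64_DN}
sAMAccountName: jurgen

dn: CN=A Deliberately Long Common Name,OU=External,DC=exonline,DC
 =intranet
sAMAccountName: longname
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Yield one dict per record; attribute names are lower-cased."""
    entry = {}
    for line in unfold(text) + [""]:       # trailing "" flushes the last record
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64 of UTF-8 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(name.lower(), []).append(value)

def find_dn(text, sam):
    """Return the DN whose sAMAccountName equals sam (case-insensitive)."""
    for e in parse_entries(text):
        if sam.lower() in (v.lower() for v in e.get("samaccountname", [])):
            return e.get("dn", [None])[0]
    return None
```

To use it on a real export, read the file's text with the encoding the export was written in and pass it to `find_dn`.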

Using dsquery

From the command prompt you may also use the dsquery utility.

dsquery user forestroot -samid zimbrauser 

Like the ldifde export above, this returns the user's DN: "CN=zimbrauser,OU=External,DC=exonline,DC=intranet"


ADSIEDIT.MSC

One of the free tools available for Windows 2003 is ADSIEdit[1]. You can grab this with the tools that come on the CD or through Microsoft. ADSIEdit exposes the raw LDAP-like underbelly of AD, and allows you to see objects and attributes, and run LDAP queries. It will easily allow you to find the full path of any object.

Verified Against: unknown Date Created: 4/21/2006
Article ID: https://wiki.zimbra.com/index.php?title=LDAP_Active_Directory Date Modified: 2015-01-22


