Figuring out an Active Directory Objects DN Path

Figuring out an Active Directory Objects DN Path

Comments 0 Comment

There are times when you will need to figure out an object’d distinguished name path in Active Directory.  For example, you want to configure AD authentication.  There are a few different ways to do this, I’m going to show you two of them.

I’m doing this on Microsoft Windows Server 2012 R2 but the idea is the same for 2008/2008R2.

Method One:  Attribute Editor

  • On a domain controller, open up Active Directory Users and Computers
  • Click View and select Advanced Features
  • Find the user or group you need the attributes for and double click on it
  • Click on the Attribute Editor tab.  Note, this tab is only visible if you enable Advanced Features as outlined above
  • Scroll down and highlight distinguishedName and click View
  • With the path highlighted, press Ctrl-C to copy and paste it into a text editor like notepad.

You now have the Distinguished Name for this object!

Method Two:  LDP.EXE

LDP.EXE is a small executable that Microsoft started including with their support tools with Windows Server 2003.  It’s a great tool for browsing Active Directory and testing your credentials. It can be run remotely or on a domain controller.

It’s found either on Microsoft’s site or in the support tools location of your windows installation.  A quick (and careful) Google search should get you the file quickly.

One additional note, LDP is a powerful tool.  You can use it to edit and delete objects and attributes so use this carefully!

This example assume’s I’m running it from my laptop.

  • Once you run the tool it starts up blank.  Click Connection > Connect
  • Enter a domain controller’s IP address and click OK
  • After you are connected, note the right hand pane fills with basic AD data
  • Next, in order to browse or do anything you have to bind.  Click Connection > Bind.  Enter domain credentials.  Note, this is a great place to test credentials for a service account to ensure they are what you think they are!
  • Look in the right pane again, you should see you are successfully bound.  To get the meaningful information we are after, click View > Tree and select the root object, it will be the top one in the list.
  • After you click OK you will be able to browse to the object you need, right click on it and copy the DN

You now have the Distinguished Name for this object!

 

Leave a Reply

Your email address will not be published. Required fields are marked *