In this tutorial, I will explain how to retrieve the base DN, also called the distinguishedName, of an object in Active Directory.
This attribute is often used to configure LDAP/Active Directory bindings for applications.
All Active Directory objects (users, computers, organizational units, etc.) have the distinguishedName attribute, and its value is unique.
I stress that the base DN attribute is unique because names are not: you can have several OUs with the same name, for example.
There are several ways to retrieve the distinguishedName attribute; in this tutorial we will see 3 of them.
For this tutorial I chose an organizational unit; the procedure is the same for other objects.
Retrieve the base DN from the console: Active Directory Users and Computers
We will start with the console, which is the most used but the least “practical”. You have to go to the Attribute Editor tab in the object properties; as you can see in the screenshot below, the tab is not available by default.
I didn’t specify it, but to display the properties, simply right-click on the object and click Properties. 😉
To get the Attribute Editor tab, you need to display the advanced features.
Click on Display 1 then on Advanced features 2.
If we open the object properties again, this time we have the Attribute Editor tab:
In the list, look for the distinguishedName attribute 1.
Double-click on it to open the editor, which opens a new window where you can copy the base DN.
The distinguishedName attribute is read-only; for certain other attributes, it is possible to modify their value.
Retrieve the base DN from ADAC – Active Directory Administrative Center
This time, we will go through the ADAC console.
Open the properties of the desired object 1 from the Tasks section.
Go to the Extensions section of the object 1; you will then have the Attribute Editor 2 tab, which shows the base DN 3 of the object.
With PowerShell and the Get-ADObject cmdlet
From a domain controller, open a PowerShell prompt and use the Get-ADObject command as below:
Get-ADObject -Filter 'Name -like "Nom de l objet"'
or the command below for list output:
Get-ADObject -Filter 'Name -like "Nom de l objet"' | fl
There are other cmdlets to retrieve the distinguishedName of an object; I prefer Get-ADObject, which is generic and works on all objects.
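Because several objects can share a name, a lookup that feeds an application's LDAP binding should report every match and let you choose by distinguishedName. The script below is an added example, not part of the original tutorial: the function name Get-ObjectDN and the OU name 'Sales' are assumptions, and it uses -LDAPFilter with explicit escaping instead of the -Filter syntax shown above.

```powershell
# Added example, not from the original tutorial.
# Assumes the ActiveDirectory module (RSAT) is available on this machine.
Import-Module ActiveDirectory

function Get-ObjectDN {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Name,

        # Restrict to simple class names so the value cannot alter the filter.
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]
        [string] $ObjectClass = 'organizationalUnit',

        # Default search base: the DN of the current domain.
        [string] $SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Escape LDAP filter metacharacters (RFC 4515) so the name is matched
    # literally; the backslash must be escaped first.
    $escaped = $Name -replace '\\', '\5c' -replace '\*', '\2a'
    $escaped = $escaped -replace '\(', '\28' -replace '\)', '\29'

    $filter = "(&(objectClass=$ObjectClass)(name=$escaped))"
    $found  = @(Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase -SearchScope Subtree)

    if ($found.Count -eq 0) {
        Write-Warning "No $ObjectClass named '$Name' under $SearchBase."
        return
    }
    if ($found.Count -gt 1) {
        # Names are not unique; only the distinguishedName identifies one object.
        Write-Warning "$($found.Count) objects are named '$Name'; choose by DistinguishedName."
    }
    $found | Select-Object Name, ObjectClass, DistinguishedName
}

# 'Sales' is a constructed OU name used for illustration.
Get-ObjectDN -Name 'Sales' | Format-List
```

Pass -SearchBase with the DN of a parent OU to narrow the search when the same name exists in several branches of the directory.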
You now know how to retrieve the base DN (distinguishedName) of an Active Directory object using different methods, and there are many more…