I'm trying to find the Base DN of the user that can access or controls all the users in Active Directory so I can put it in my LDAP.
Usually someone will give me this, and it looks like DC=domain,DC=company,DC=com
But the admin is not available, so I don't know how to find this in Active Directory.
I'm looking for a step by step to find this info. Which tree and tabs to open and how to construct it.
My user is: admin, the server is: controller-16.domain.company.com
But I don't know if they added OU or groups or something else
I know that this:
CN=admin,DC=domain,DC=company,DC=com
does not work. Nor does:
DC=domain,DC=company,DC=com
If the Base DN works on Gawor's LDAP Browser, then it will work for my LDAP.
cn: The distinguished name of the user object that is used to uniquely identify this object in the AD network.
Go to “Active Directory Users and Computers”. Click on “Users” or the folder that contains the user account. Right click on the user account and click “Properties.”
The moniker "ou" means organizational unit. The component "cn=Test2" is an object whose Common Name is "Test2". The moniker "cn" means Common Name. Similarly, the moniker "dc" means domain component. The component "dc=MyDomain" is a domain component with the name "MyDomain".
You could try my Beavertail ADSI browser - it should show you the current AD tree, and from it, you should be able to figure out the path and all.
Or if you're on .NET 3.5, using the System.DirectoryServices.AccountManagement
namespace, you could also do it programmatically:
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
This would create a basic, default domain context and you should be able to peek at its properties and find a lot of stuff from it.
Or:
UserPrincipal myself = UserPrincipal.Current;
This will give you a UserPrincipal
object for yourself, again, with a ton of properties to inspect. I'm not 100% sure what you're looking for - but you most likely will be able to find it on the context or the user principal somewhere!
Most common AD default design is to have a container, cn=users just after the root of the domain. Thus a DN might be:
cn=admin,cn=users,DC=domain,DC=company,DC=com
Also, you might have sufficient rights in an LDAP bind to connect anonymously, and query for (cn=admin)
. If so, you should get the full DN back in that query.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With