Finding CN of users in Active Directory

Question

I'm trying to find the Base DN of the user that can access or controls all the users in Active Directory so I can put it in my LDAP.

Usually someone will give me this, and it looks like DC=domain,DC=company,DC=com

But the admin is not available, so I don't know how to find this in Active Directory.

I'm looking for a step by step to find this info. Which tree and tabs to open and how to construct it. My user is: admin, the server is: controller-16.domain.company.com But I don't know if they added OU or groups or something else

I know that this:

CN=admin,DC=domain,DC=company,DC=com

does not work. Nor does:

DC=domain,DC=company,DC=com

If the Base DN works on Gawor's LDAP Browser, then it will work for my LDAP.

Answer 1

You could try my Beavertail ADSI browser - it should show you the current AD tree, and from it, you should be able to figure out the path and all.

Or if you're on .NET 3.5, using the System.DirectoryServices.AccountManagement namespace, you could also do it programmatically:

PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

This would create a basic, default domain context and you should be able to peek at its properties and find a lot of stuff from it.

Or:

UserPrincipal myself = UserPrincipal.Current;

This will give you a UserPrincipal object for yourself, again, with a ton of properties to inspect. I'm not 100% sure what you're looking for - but you most likely will be able to find it on the context or the user principal somewhere!

Answer 2

Most common AD default design is to have a container, cn=users just after the root of the domain. Thus a DN might be:

cn=admin,cn=users,DC=domain,DC=company,DC=com

Also, you might have sufficient rights in an LDAP bind to connect anonymously, and query for (cn=admin). If so, you should get the full DN back in that query.