 

Finding CN of users in Active Directory

I'm trying to find the Base DN of the user that can access or control all the users in Active Directory so I can put it in my LDAP.

Usually someone will give me this, and it looks like DC=domain,DC=company,DC=com

But the admin is not available, so I don't know how to find this in Active Directory.

I'm looking for a step by step to find this info. Which tree and tabs to open and how to construct it. My user is: admin, the server is: controller-16.domain.company.com. But I don't know if they added an OU or groups or something else.

I know that this:

CN=admin,DC=domain,DC=company,DC=com

does not work. Nor does:

DC=domain,DC=company,DC=com

If the Base DN works on Gawor's LDAP Browser, then it will work for my LDAP.

elcool asked Nov 11 '10 17:11




2 Answers

You could try my Beavertail ADSI browser - it should show you the current AD tree, and from it, you should be able to figure out the path and all.


Or if you're on .NET 3.5, using the System.DirectoryServices.AccountManagement namespace, you could also do it programmatically:

PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

This would create a basic, default domain context and you should be able to peek at its properties and find a lot of stuff from it.

Or:

UserPrincipal myself = UserPrincipal.Current;

This will give you a UserPrincipal object for yourself, again, with a ton of properties to inspect. I'm not 100% sure what you're looking for - but you most likely will be able to find it on the context or the user principal somewhere!

marc_s answered Sep 22 '22 13:09


The most common AD default design is to have a container, cn=users, just after the root of the domain. Thus a DN might be:

cn=admin,cn=users,DC=domain,DC=company,DC=com

Also, you might have sufficient rights in an LDAP bind to connect anonymously, and query for (cn=admin). If so, you should get the full DN back in that query.

geoffc answered Sep 22 '22 13:09
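
Once a search returns a full DN, as the answer above describes, the Base DN is its trailing run of DC= components and everything between the object and that run is the container path. The Python below is an added example, not code from the question or either answer: the function names are hypothetical, and base_dn_from_server assumes the server's FQDN is one host label followed by the AD domain's DNS name, which is not true of every deployment.

```python
def split_dn(dn):
    """Split a DN into RDNs; a backslash-escaped comma stays inside its value."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # copy the escape pair untouched
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf).lstrip())
    if any("=" not in rdn for rdn in rdns):
        raise ValueError("malformed DN: %r" % dn)
    return rdns


def describe_dn(dn):
    """Return the object RDN, container path, Base DN and DNS domain of a DN."""
    rdns = split_dn(dn)
    cut = len(rdns)
    # The trailing run of DC= components is the domain naming context.
    while cut and rdns[cut - 1].split("=", 1)[0].strip().upper() == "DC":
        cut -= 1
    if cut == len(rdns):
        raise ValueError("no DC= components in %r" % dn)
    return {
        "object": rdns[0] if cut else None,
        "container": ",".join(rdns[1:cut]),
        "base_dn": ",".join(rdns[cut:]),
        "dns_domain": ".".join(r.split("=", 1)[1].strip() for r in rdns[cut:]),
    }


def base_dn_from_server(server_fqdn):
    """Candidate Base DN from a DC's FQDN (assumes host label + domain name)."""
    _host, _, domain = server_fqdn.partition(".")
    if not domain:
        raise ValueError("need a fully qualified name")
    return ",".join("DC=" + label for label in domain.split("."))


if __name__ == "__main__":
    # Constructed sample: the DN form suggested in the answer above.
    print(describe_dn("cn=admin,cn=users,DC=domain,DC=company,DC=com"))
    print(base_dn_from_server("controller-16.domain.company.com"))
```

The escape handling matters for display-name style CNs such as "Smith\, John", where a naive split on commas would produce a wrong container path and Base DN.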