Quickly Find Active Directory Object Distinguished Name (DN)

A lot of Microsoft command line utilities require information in the form of Distinguished Name (DN), this value can be quickly found using the utility ldp.exe, found on Domain Controllers (DC), and client computers with the Administration Tools.

From the Run prompt or Command Prompt launch ldp.exe. This should present you with a dual pane dialog box utility. The first step is to make a connection to a DC, Connection¬†> Connect…, you can leave the hostname field blank to connect to the DC you are currently on, otherwise type the DC you wish to connect. Select SSL, if your environment uses LDAPS.


Next you need to bind¬†(Connection > Bind…) using credentials, these could be credential you are currently logged in as, or this can be credentials that you provide.


Once you complete the bind, click View and select Tree, select from the combo dropdown box the BaseDN you will like to browse. Click OK, Active Directory objects should be visible in the left pane, and the output of object selection should be in the right pane.


In the left pane, navigate to the object, select the object. Double clicking the object will attempt to expand the it further, printing details in the right pane. The DN value is in bold near the top of the object output. Right click the object and click Copy DN to copy the object DN value to the clipboard.

Now with the value on the clipboard, you can paste the value to where ever it is needed, if rdpclip is behaving you can copy between server and client.

No comments yet.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>