Finding LDAP/AD Distinguished Names

The base Distinguished Name (DN) for a user or a group is their LDAP DN. You have to know the user's or group's Active Directory name to find its Distinguished Name.

Finding the base DN of a user

  1. Open a Windows command prompt on the AD server.

  2. Type the command:

    dsquery user -name <known username>

    For example:

    dsquery user -name "John Doe"
    "CN=John Doe,CN=Users,DC=nim,DC=qa,DC=dc,DC=hytrust,DC=com"

Finding the base DN of a group

  1. Open a Windows command prompt on the AD server.

  2. Type the command:

    dsquery group -name <known group name>

    For example:

    dsquery group -name "KC-USRS"
    "CN=KC-USRS,CN=Users,DC=nim,DC=qa,DC=dc,DC=hytrust,DC=com"