Understanding Active Directory Distinguished Names

In Active Directory, and I assume any system using LDAP, a Distinguished Name (DN) is a way to identify a given user with confidence. It is a string of Relative Distinguished Names (RDNs), separated by commas. There are a number of different RDN attribute types in existence, but for our purposes, these are the ones we might need:

String  Attribute type
DC      domainComponent
CN      commonName
OU      organizationalUnitName
O       organizationName

A DN, then, comprises information about where in the Active Directory hierarchy we can find a given user’s account. If a user account name is JDOE and is located at Domain.com\Users\Superusers, the DN becomes CN=JDOE,OU=Superusers,OU=Users,DC=Domain,DC=com.
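
The DN layout described above, as an added Python example that is not part of the original post: it splits a DN into its RDNs without breaking on backslash-escaped commas (RFC 4514 escaping) and converts between the DN and the Domain.com\Users\Superusers form. The function names are my own, and it assumes single-valued RDNs (no `+`) and no double-quoted values.

```python
import re
# Added example; names are illustrative. Assumes single-valued RDNs, no quoted values.
SPECIAL = ',+"\\<>;='  # characters that must be backslash-escaped in a value (RFC 4514)

def _unescape(value):
    # "\XX" is a hex-encoded byte; "\<char>" is that literal character.
    repl = lambda m: bytes([int(m[1], 16)]) if len(m[1]) == 2 else m[1]
    return re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode(), flags=re.S).decode()

def escape_value(value):
    """Escape a value so it cannot add or remove RDNs when placed in a DN."""
    out = ["\\" + c if c in SPECIAL else c for c in value]
    if out and out[0] in (" ", "#"):
        out[0] = "\\" + out[0]
    if out and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)

def split_dn(dn):
    """Return the DN's RDNs as (type, value) pairs, most specific first."""
    parts, start, i = [], 0, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 1  # step over the escaped character; it is never a separator
        elif dn[i] == ",":
            parts.append(dn[start:i])
            start = i + 1
        i += 1
    parts.append(dn[start:])
    pairs = []
    for rdn in parts:
        attr, sep, value = rdn.lstrip().partition("=")
        if not (attr and sep and value):
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.upper(), _unescape(value)))
    return pairs

def dn_to_location(dn):
    """Return (account name, 'Domain.com\\Users\\Superusers'-style location)."""
    pairs = split_dn(dn)
    domain = ".".join(v for t, v in pairs if t == "DC")
    containers = [v for t, v in pairs[1:] if t != "DC"]
    return pairs[0][1], "\\".join([domain] + containers[::-1])

def build_dn(account, location):
    """Build the DN for an account under a 'Domain.com\\Users\\Superusers' location."""
    domain, *ous = location.split("\\")
    rdns = [("CN", account)] + [("OU", ou) for ou in reversed(ous)]
    rdns += [("DC", dc) for dc in domain.split(".")]
    return ",".join(f"{t}={escape_value(v)}" for t, v in rdns)
```

A naive `dn.split(",")` gives the same result for the JDOE example but miscounts the RDNs as soon as a name such as `Doe\, John` appears.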





