A recent project at work required me to access employee data in Active Directory, using a data integration tool to read the data and write it to a SQL Server database.
We used LDAP (Lightweight Directory Access Protocol) to query the Active Directory data to bring over.
DN = Distinguished Name – A group of names to uniquely identify an object within AD, like a user.
OU = Organizational Unit – A namespace or grouping for AD objects.
DC = Domain Component – The domain names.
CN = Common Name – The object name.
RDN = Relative Distinguished Name – A unique name within a particular level.
So with a string “CN=Jane Doe,CN=Users,OU=Corporate,DC=example,DC=com”:
The entire string is a Distinguished Name. It reads from right to left, from the highest level in the hierarchy down to the most specific component. This object is a user, Jane Doe, in the Users container under the Corporate OU of the domain example.com. "Jane Doe" is an RDN within Users (it must be unique at that level), just as example.com is unique among domain names.
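To make the right-to-left reading concrete, here is an added Python example (my own, not code from the original post) that splits a DN into its RDNs and reports the hierarchy. It also handles RFC 4514 backslash escapes such as `CN=Doe\, Jane` and `CN=Doe\2C Jane`, which a naive split on commas gets wrong and which matters whenever a DN is used as a lookup key or written to a database.

```python
import re

# RFC 4514: a backslash escapes the next character, or introduces two hex digits.
_HEX_PAIR = re.compile(r"^[0-9A-Fa-f]{2}$")


def split_dn(dn):
    """Split a DN into RDN strings, splitting only on unescaped commas."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact for now
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def unescape(value):
    """Resolve '\\,' to ',' and the hex form '\\2C' to ',' inside an RDN value."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and _HEX_PAIR.match(pair):
                out.append(chr(int(pair, 16)))
                i += 3
            else:
                out.append(value[i + 1])
                i += 2
            continue
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_dn(dn):
    """Return [(type, value), ...] from the most specific (leftmost) RDN to the root."""
    parts = []
    for rdn in split_dn(dn):
        attr, _, val = rdn.partition("=")
        parts.append((attr.strip().upper(), unescape(val.strip())))
    return parts


def hierarchy(dn):
    """Read the DN right to left: domain, then containers top-down, then the object."""
    parts = parse_dn(dn)
    domain = ".".join(v for t, v in parts if t == "DC")
    containers = [v for t, v in parts[1:] if t in ("OU", "CN")]
    return {"object": parts[0], "containers": list(reversed(containers)), "domain": domain}
```

Running `hierarchy("CN=Jane Doe,CN=Users,OU=Corporate,DC=example,DC=com")` gives the object `("CN", "Jane Doe")`, the container path `["Corporate", "Users"]` and the domain `example.com`.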
Remote Server Administration Tools:
The Remote Server Administration Tools is a download from Microsoft, a collection of several programs. Two that we are interested in are DSQuery and ADSI Edit.
ADSI (Active Directory Service Interfaces) Edit is a graphical tool to navigate the AD hierarchy. We can drill down to a specific object, like a user, and then see the properties for that object.
DSQuery is a command line tool that can be used to query Active Directory and to see properties for an object. I've used PowerShell to call the program.
Here are some basic DSQuery commands.
- All users in a container:
dsquery user CN=Users,OU=Corporate,DC=example,DC=com
- Users whose name starts with Jane:
dsquery user -name "jane*"
- All attributes for a user:
dsquery * "CN=Jane Doe,CN=Users,OU=Corporate,DC=example,DC=com" -scope base -attr *