Often I am asked to integrate a software solution into Active Directory so that users are authenticated directly against AD (via LDAP or LDAP/S).  One of the biggest pains is defining the Search Base DN (where LDAP will query if a user is indeed valid).

A neato tool that you can use to identify the fully qualified Search Base DN is dsquery.  Use the following command to search on a Directory Server to understand what are all of the users, and what are their DN:


dsquery user -limit 10000 | dsget user -dn > out.txt


Then simply open up “out.txt” and you will see all of the available DNs for each user!


Hope this helps!

About the author:

Vinnie Lima

Vinnie Lima is the Managing Director for VVL Systems & Consulting, a small business focusing on IT Optimization for Cloud, Infrastructure, and End Users. Based out of Baltimore, Maryland, Vinnie Lima has over 21 years in IT Automation, Orchestration, and Cloud. Mr. Lima’s career has been focusing on helping customers drive value from their IT investments through the use of leading edge technologies and approaches, driving innovation in a wide spectrum of industries such as DoD, Federal, Health Care, and Financial.

facebook twitter linkedin instagram

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our Newsletter
Stay informed with the latest technology news, industry events, and training offered by VVL Systems for free! Fill out this form and receive our newsletter delivered straight to your inbox.

See how VVL has helped clients leverage the latest technologies and agile capabilities.

Latest VVL and Industry News

What is a Zero Trust Maturity Model?

In this article, we'll review the recent materials, standards, and guidance principles related to Zero Trust Framework with the hope…

COVID-19 Support

VVL Systems is increasing our proactive action to assist the fight against COVID-19, together with Federal, State, and Local governments…

Upcoming VVL and Industry Events