Often I am asked to integrate a software solution into Active Directory so that users are authenticated directly against AD (via LDAP or LDAP/S). One of the biggest pains is defining the Search Base DN (where LDAP will query if a user is indeed valid).
A neato tool that you can use to identify the fully qualified Search Base DN is dsquery. Use the following command to search on a Directory Server to understand what are all of the users, and what are their DN:
dsquery user -limit 10000 | dsget user -dn > out.txt
Then simply open up “out.txt” and you will see all of the available DNs for each user!
Hope this helps!