Jun 21, 2011 by Vinnie Lima | Leave a Comment

Often I am asked to integrate a software solution into Active Directory so that users are authenticated directly against AD (via LDAP or LDAP/S). One of the biggest pains is defining the Search Base DN (where LDAP will query if a user is indeed valid).

A neato tool that you can use to identify the fully qualified Search Base DN is dsquery. Use the following command to search on a Directory Server to understand what are all of the users, and what are their DN:

dsquery user -limit 10000 | dsget user -dn > out.txt

Then simply open up “out.txt” and you will see all of the available DNs for each user!

Hope this helps!

About the author:

Vinnie Lima

Vinnie Lima is the Managing Director for VVL Systems & Consulting, a small business focusing on IT Optimization for Cloud, Infrastructure, and End Users. Based out of Baltimore, Maryland, Vinnie Lima has over 21 years in IT Automation, Orchestration, and Cloud. Mr. Lima’s career has been focusing on helping customers drive value from their IT investments through the use of leading edge technologies and approaches, driving innovation in a wide spectrum of industries such as DoD, Federal, Health Care, and Financial.

facebook twitter linkedin instagram