
AD Distinguished Name

Wednesday, March 30, 2016 1:36 PM

Let's spend some time learning about Active Directory.

Distinguished Name

Objects are located within Active Directory domains according to a hierarchical path, which includes the labels of the Active Directory domain name and each level of container objects. The full path to the object is defined by the distinguished name (also known as a "DN"). The name of the object itself, separate from the path to the object, is defined by the relative distinguished name.

The distinguished name is unambiguous (identifies one object only) and unique (no other object in the directory has this name). By using the full path to an object, including the object name and all parent objects to the root of the domain, the distinguished name uniquely and unambiguously identifies an object within a domain hierarchy. It contains sufficient information for an LDAP client to retrieve the object's information from the directory.

For example, a user named James Smith works in the marketing department of a company as a promotions coordinator. Therefore, his user account is created in an organizational unit that stores the accounts for marketing department employees who are engaged in promotional activities. James Smith's user identifier is JSmith, and he works in the North American branch of the company. The root domain of the company is reskit.com, and the local domain is noam.reskit.com. The diagram in Figure 1.10 illustrates the components that make up the distinguished name of the user object JSmith in the noam.reskit.com domain.

 

 

[Figure: AD Structure]

The information above is from https://technet.microsoft.com/en-us/library/cc977992.aspx

How do I get the distinguished name?

Using C#, I have put together a small example of how to get the DN:

 

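    using System;
    using System.DirectoryServices.AccountManagement;

    // domainName, serviceAccountName and serviceAccountPassword are supplied by the caller.
    using (var context = new PrincipalContext(ContextType.Domain, domainName))
    {
        // ValidateCredentials returns false for bad credentials; it does not throw.
        if (!context.ValidateCredentials(serviceAccountName, serviceAccountPassword))
        {
            throw new UnauthorizedAccessException("Service account credentials were rejected.");
        }

        // The search runs as the identity that created the context.
        // An empty UserPrincipal is a query-by-example filter that matches every user.
        using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
        {
            foreach (Principal user in searcher.FindAll())
            {
                if (!string.IsNullOrWhiteSpace(user.DistinguishedName))
                {
                    var dn = user.DistinguishedName;
                    Console.WriteLine(dn);
                }
            }
        }
    }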
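
The DN strings returned by the search can be broken back into the relative distinguished name, the parent container path and the domain described in the first section. The following is an added example, not part of the original post: it splits on unescaped commas only, because a naive Split(',') misreads a value such as "Smith\, James" and would then report the wrong container. The DnParser class, its method names, the OU names (Promotions, Marketing) and both sample DNs are constructed for illustration from the JSmith description above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

static class DnParser
{
    // Split a DN into RDNs on commas that are not escaped with a backslash (RFC 4514).
    public static List<string> SplitRdns(string dn)
    {
        var rdns = new List<string>();
        var current = new StringBuilder();
        for (int i = 0; i < dn.Length; i++)
        {
            char c = dn[i];
            if (c == '\\' && i + 1 < dn.Length)
                current.Append(c).Append(dn[++i]); // keep the escape pair intact
            else if (c == ',')
            {
                rdns.Add(current.ToString());      // unescaped comma ends this RDN
                current.Clear();
            }
            else
                current.Append(c);
        }
        rdns.Add(current.ToString());
        return rdns;
    }

    // Join the DC components into the DNS name of the domain that holds the object.
    public static string DomainOf(IEnumerable<string> rdns) =>
        string.Join(".", rdns.Where(r => r.StartsWith("DC=", StringComparison.OrdinalIgnoreCase))
                             .Select(r => r.Substring(3)));

    static void Main()
    {
        // Constructed sample DNs; the OU names are assumed, not taken from a real directory.
        var samples = new[]
        {
            "CN=JSmith,OU=Promotions,OU=Marketing,DC=noam,DC=reskit,DC=com",
            @"CN=Smith\, James,OU=Promotions,OU=Marketing,DC=noam,DC=reskit,DC=com",
        };
        foreach (var dn in samples)
        {
            var rdns = SplitRdns(dn);
            Console.WriteLine($"RDN:    {rdns[0]}");
            Console.WriteLine($"Parent: {string.Join(",", rdns.Skip(1))}");
            Console.WriteLine($"Domain: {DomainOf(rdns)}");
        }
    }
}
```

Both samples resolve to the same parent path and to the domain noam.reskit.com; only the RDN differs, and the second keeps its escaped comma inside the CN value.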