Active Directory comes with a lot of acronyms, such as DN, DC, OU, CN and GPO, but they are easy to understand:
AD: Active Directory
DN : Distinguished Name
DC: Domain Controller/Component
OU: Organizational Unit
CN: Common Name
GPO: Group Policy Object
Fig. Organization tree structure depicted by the AD hierarchy
In Active Directory, eDirectory or any other LDAP-compliant directory, objects are referred to by their Distinguished Name (DN). The parts of a distinguished name, delimited by commas, represent where in the AD hierarchy the object exists.
The monikers used in a DN are:
CN  Common Name                   e.g. cn=Joe Dirt
OU  Organizational Unit           e.g. ou=Staff
DC  Domain Controller/Component   e.g. dc=UPS
An example of the Distinguished Name of a user object could be:
cn=Joe Dirt, ou=Staff, ou=Finance, ou=Dept, ou=UPS, dc=ad, dc=ups, dc=com
In this case, the object with Common Name 'Joe Dirt' is in the Organizational Unit 'Staff', which in turn is in the Organizational Unit 'Finance', which in turn is in the Organizational Unit 'Dept', which in turn is in the Organizational Unit 'UPS', which is in the domain 'ad.ups.com'.
You can use various free LDAP browsers, such as Softerra or JXplorer, to browse directories.
More examples to clarify the concept:
If you want to refer to all the objects under UPS Organizational Unit/Container, you should use
BASE DN: ou=UPS, dc=ad, dc=ups, dc=com
If you want to refer to all the objects under Finance Organizational Unit/Container, you should use
BASE DN: ou=Finance, ou=Dept, ou=UPS, dc=ad, dc=ups, dc=com
If you want to log in as Joe Dirt to make an LDAP query, you should use the following DN:
USER DN: cn=Joe Dirt, ou=Staff, ou=Finance, ou=Dept, ou=UPS, dc=ad, dc=ups, dc=com
CN is used for the default system-based containers. OU is also used for containers. One major difference between a CN container and an OU container is that GPOs can be applied only to OUs, not to CNs.
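To make the DN examples above concrete, here is a small added example (not code from this post) that parses a DN into its parts, derives the domain name from the dc= components, lists the container path, and checks whether a user DN sits under a given base DN. It assumes the post's sample DNs and handles the RFC 4514 escaped comma that a naive split(",") would break on.

```python
# Added example: parsing Distinguished Names like the ones in the post.
# RFC 4514 allows a comma inside a value when escaped with a backslash,
# so a plain split(",") is not enough.
from typing import List, Tuple

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leaf (left-most) first."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escape sequence whole
            buf += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    rdns.append(buf)
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def domain_from_dn(dn: str) -> str:
    """Join the dc= components into the DNS-style domain name."""
    return ".".join(v for a, v in parse_dn(dn) if a == "dc")

def container_path(dn: str) -> List[str]:
    """OU/CN containers from the domain root down to the object's parent."""
    parts = [f"{a}={v}" for a, v in parse_dn(dn)[1:] if a in ("ou", "cn")]
    return list(reversed(parts))

def is_under(dn: str, base_dn: str) -> bool:
    """True if dn is at or below base_dn (AD DNs compare case-insensitively)."""
    def norm(d: str) -> List[Tuple[str, str]]:
        return [(a, v.lower()) for a, v in parse_dn(d)]
    obj, base = norm(dn), norm(base_dn)
    return len(obj) >= len(base) and obj[-len(base):] == base

if __name__ == "__main__":
    # Sample DN taken from the post above
    user = "cn=Joe Dirt, ou=Staff, ou=Finance, ou=Dept, ou=UPS, dc=ad, dc=ups, dc=com"
    print(domain_from_dn(user))       # ad.ups.com
    print(container_path(user))
    print(is_under(user, "ou=Finance, ou=Dept, ou=UPS, dc=ad, dc=ups, dc=com"))
```

A check like is_under is useful on the application side to confirm that the DN returned by a directory search actually lives under the base OU you intended to query before trusting it.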
Reference: wiki, forums and various text books