Intro
In Active Directory, a Distinguished Name is a string that uniquely identifies an object while also describing its location in the Active Directory hierarchy. Every object in Active Directory has a distinguished name, whether it's a user, computer, group, or even more advanced items like TPM Devices and or an IP Security policies. They are primarily generated by combining the object's Common Name (CN), Organizational Unit (OU), and Domain Component (DC).
Aside from usage by Active Directory itself, distinguished names are often used for scripting tasks, Lightweight Directory Access Protocol (LDAP) queries, and other Active Directory management tasks.
Steps
1. On your domain controller, open Active Directory Users and Computers
2. To view the distinguished name of an object, you'll first need to make sure the Advanced Features option is selected in the View menu
3. Then, locate the object you want to get the distinguished name of, and right-click to select Properties. In our example, we'll be using a User object
4. In the object's Properties dialog, select the Attribute Editor tab
5. Scroll through the Attributes list until you find "distinguishedName". You can also repeatedly type the "d" key to quickly jump through the list
6. Finally, double-click on the "distinguishedName" property or select it and click View to see it's full contents. From here you can copy and paste the value wherever you may need it!
Note: The Distinguished Name of an object cannot be changed directly as it is a computed property based on the object's other attributes. To change a distinguished name, you would have to change the attributes that make up that distinguished name (e.g. common name, organizational unit, etc.)
Conclusion
That's it! Finding the distinguished name of an object in Active Directory is quick and easy once you know how to get to it! We hope this tutorial was helpful and we encourage you to contact us for all of your IT consulting and Microsoft licensing needs!
