Distinguished Name


Everything in AD (Active Directory) has a Distinguished Name. A Distinguished Name can be used in many situations, such as setting up an application to use a service account or adding AD groups or users to applications, and so much more.

A Distinguished Name is also known as a DN. A benefit of using a DN is that no two objects in Active Directory can ever have the same DN.

In this post I’ll show step-by-step how to get the Distinguished Name for the various items in Active Directory via the GUI and PowerShell.

GUI Way

  • Open Active Directory Users and Computers
  • Click on View > Advanced Features
  • Right click on anything in AD and click on Properties
  • Click on the Attribute Editor tab.
  • Scroll down until you find the attribute named distinguishedName, then double click it (or click View) to view the details.
  • You can now see the Distinguished Name for that item.

The process is the exact same for any item in AD.

PowerShell Way

The PowerShell method is a bit more specific than just right clicking on something. Here is a breakdown for each item I could think of that you could need the DN for.

OU (Organizational Unit)

  • To get the DN for all OUs, run the following command:
      Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FL Name, DistinguishedName

Groups

  • To get the DN for a group, run the following command and replace GROUP NAME with the name of the group you want to get the DN of:
      Get-ADGroup -Identity "GROUP NAME" | FL Name, DistinguishedName

For example, I want to get the DN of the group named Group 1, so the command I will run is:
      Get-ADGroup -Identity "Group 1" | FL Name, DistinguishedName

Service Accounts

  • To get the DN for a service account, run the following command and replace SERVICE ACCOUNT NAME with the name of the service account you want to get the DN of:
      Get-ADServiceAccount -Identity "SERVICE ACCOUNT NAME" | FL Name, DistinguishedName

For example, I want to get the DN for the service account named Service1, so the command I will run is:
      Get-ADServiceAccount -Identity Service1 | FL Name, DistinguishedName

Computers

  • To get the DN of a computer, run the following command and replace COMPUTER NAME with the name of the computer you want to get the DN of:
      Get-ADComputer -Identity "COMPUTER NAME" | FL Name, DistinguishedName

For example, I want to get the DN for the computer named Computer1, so the command I will run is:
      Get-ADComputer -Identity Computer1 | FL Name, DistinguishedName

Users

  • To get the DN for a user, run the following command and replace USERNAME with the name of the user account you want to get the DN of:
      Get-ADUser -Identity "USERNAME" | FL Name, DistinguishedName

For example, I want to get the DN of the user named User1, so the command I will run is:
      Get-ADUser -Identity User1 | FL Name, DistinguishedName

Those are all the various methods to get a distinguished name from Active Directory.
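
As an added example (not part of the original post), the function below looks up an object of any type by name with Get-ADObject and returns its DN, warning when a name matches more than one object, since only the DN is unique. The function names ConvertTo-LdapFilterValue and Get-DistinguishedName are this example's own, and it assumes the ActiveDirectory module is installed.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape the characters RFC 4515 reserves in filter
    # values ( \ * ( ) NUL ) as \xx hex so the name is matched literally.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-DistinguishedName {
    # Hypothetical wrapper: find users, groups, computers, OUs or service
    # accounts by name in one query and return their DNs.
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$SearchBase   # optional DN of an OU to limit the search
    )
    $safe = ConvertTo-LdapFilterValue -Value $Name
    # Computer and managed service account sAMAccountNames end in '$'.
    $filter = "(|(name=$safe)(sAMAccountName=$safe)(sAMAccountName=$safe`$))"
    $query = @{ LDAPFilter = $filter; Properties = 'sAMAccountName' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    $found = @(Get-ADObject @query)
    if ($found.Count -eq 0) {
        Write-Error "No object named '$Name' was found."
        return
    }
    if ($found.Count -gt 1) {
        # Names can repeat across OUs; only the DN is unique.
        Write-Warning "'$Name' matched $($found.Count) objects; pick one by DN."
    }
    $found | Select-Object Name, ObjectClass, sAMAccountName, DistinguishedName
}

# The names used in the post's examples:
'Group 1', 'Service1', 'Computer1', 'User1' | ForEach-Object {
    Get-DistinguishedName -Name $_
} | Format-List
```

Escaping the name before it goes into the LDAP filter keeps a value such as `*` or `)(` from changing what the query matches when the name comes from a script parameter or another system.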
