Everything in AD (Active Directory) has a Distinguished Name. A Distinguished Name can be used in many situations such as setting up an application to use a service account or adding AD groups or users into applications and so much more.
A Distinguished Name is also known as a DN. A benefit of using a DN is that no two objects in Active Directory can ever have the same DN.
In this post I’ll show step-by-step how to get the Distinguished Name for the various items in Active Directory via the GUI and PowerShell.
GUI Way
- Open Active Directory Users and Computers
- Click on View > Advanced Features
- Right click on anything in AD and click on Properties
- Click on the Attribute Editor tab.
- Scroll down until you find the attribute named distinguishedName, then double click it (or click View) to view the details.
- You can now see the Distinguished Name for that item.
The process is the exact same for any item in AD.
PowerShell Way
The PowerShell method is a bit more specific than just right clicking on something. Here is a breakdown for each item I could think of that you could need the DN for.
OU (Organizational Unit)
- To get the DN for all OUs run the following command
Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FL Name, DistinguishedName
Groups
- To get the DN for a group run the following command and replace GROUP NAME with the name of the group you want to get the DN of
Get-ADGroup -Identity "GROUP NAME" | FL Name, DistinguishedName
For example, if I want to get the DN of the group named Group 1, the command I will run is Get-ADGroup -Identity "Group 1" | FL Name, DistinguishedName
Service Accounts
- To get the DN for a service account run the following command and replace SERVICE ACCOUNT NAME with the name of the service account you want to get the DN of
Get-ADServiceAccount -Identity "SERVICE ACCOUNT NAME" | FL Name, DistinguishedName
For example, if I want to get the DN for the service account named Service1, the command I will run is Get-ADServiceAccount -Identity Service1 | FL Name, DistinguishedName
Computers
- To get the DN of a computer run the following command and replace COMPUTER NAME with the name of the computer you want to get the DN of
Get-ADComputer -Identity "COMPUTER NAME" | FL Name, DistinguishedName
For example, if I want to get the DN for the computer named Computer1, the command I will run is Get-ADComputer -Identity Computer1 | FL Name, DistinguishedName
Users
- To get the DN for a user run the following command and replace USERNAME with the name of the user account you want to get the DN of
Get-ADUser -Identity "USERNAME" | FL Name, DistinguishedName
For example, if I want to get the DN of the user named User1, the command I will run is Get-ADUser -Identity User1 | FL Name, DistinguishedName
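When you do not know in advance whether a name belongs to a user, group, computer or service account, a single lookup with Get-ADObject covers all of the cases above. The following is an added example, not part of the original post; the function names ConvertTo-LdapFilterValue and Resolve-DistinguishedName are hypothetical helpers. It refuses to return a DN when the name matches more than one object, so an application is never pointed at the wrong account or group.

```powershell
# Added example: resolve a name to its DN regardless of object type.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper. Escapes the characters RFC 4515 reserves in an
    # LDAP filter value so that a name containing \ * ( ) is matched
    # literally instead of changing the meaning of the filter.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' `
           -replace '\*', '\2a' `
           -replace '\(', '\28' `
           -replace '\)', '\29' `
           -replace "`0", '\00'
}

function Resolve-DistinguishedName {
    # Hypothetical helper. Returns Name, ObjectClass and DistinguishedName
    # for exactly one matching object, and throws otherwise.
    param([Parameter(Mandatory)][string]$Name)

    $v = ConvertTo-LdapFilterValue -Value $Name

    # Computers and managed service accounts store sAMAccountName with a
    # trailing $, so that form is searched as well.
    $filter = "(|(name=$v)(sAMAccountName=$v)(sAMAccountName=$v`$))"

    $found = @(Get-ADObject -LDAPFilter $filter -Properties sAMAccountName)

    if ($found.Count -eq 0) {
        throw "No object named '$Name' was found."
    }
    if ($found.Count -gt 1) {
        # The display name is not unique; list the candidates and stop
        # rather than guess which DN the caller meant.
        $list = $found |
            Format-Table ObjectClass, sAMAccountName, DistinguishedName -AutoSize |
            Out-String
        throw "'$Name' matches $($found.Count) objects:`n$list"
    }

    $found[0] | Select-Object Name, ObjectClass, DistinguishedName
}

# Usage with the names from the examples above:
#   Resolve-DistinguishedName -Name 'Group 1'
#   Resolve-DistinguishedName -Name 'Computer1'
```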
Those are all the various methods to get a distinguished name from Active Directory.