
http://roadzy.blogspot.com/2011/02/finding-your-base-dn-in-active.html



Finding your base DN in Active Directory

I was trying to do an LDAP query against Active Directory and I was unable to get the query to work.  A good tool to use to troubleshoot this is ldp.exe.  It is installed by default on Windows Server 2008, but I believe it's on the Windows Server 2003 disc, just not installed by default.  A typical base DN is DC=microsoft, DC=com.  I was using exactly the same logic and it still wasn't working.  I then found a tool called dsquery.

I was able to use dsquery on my 2008 server.  I haven't had a chance to see if it runs on Server 2003.  This is how it can be used to help you.

Open a command prompt (Start->Run->cmd).


If you type "dsquery" (Link) you will get what is below: (I modified it a little bit and added Links)

Description: This tool's commands suite allow you to query the directory
according to specified criteria. Each of the following dsquery commands finds
objects of a specific object type, with the exception of dsquery *, which can
query for any type of object:

  • Type "dsquery computer" - finds computers in the directory.
  • Type "dsquery contact" - finds contacts in the directory.
  • Type "dsquery subnet" - finds subnets in the directory.
  • Type "dsquery group" - finds groups in the directory.
  • Type "dsquery ou" - finds organizational units in the directory.
  • Type "dsquery site" - finds sites in the directory.
  • Type "dsquery server" - finds AD DCs/LDS instances in the directory.
  • Type "dsquery user" - finds users in the directory.
  • Type "dsquery quota" - finds quota specifications in the directory.
  • Type "dsquery partition" - finds partitions in the directory.
  • Type "dsquery *" - finds any object in the directory by using a generic LDAP query.

For help on a specific command, type "dsquery <ObjectType> /?" where
<ObjectType> is one of the supported object types shown above.
For example, dsquery ou /?.

Remarks:
The dsquery commands help you find objects in the directory that match
a specified search criterion: the input to dsquery is a search criterion
and the output is a list of objects matching the search. To get the
properties of a specific object, use the dsget commands (dsget /?).

The results from a dsquery command can be piped as input to one of the other
directory service command-line tools, such as dsmod, dsget, dsrm or dsmove.

Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").

Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Examples:
To find all computers that have been inactive for the last four weeks and
remove them from the directory:

    dsquery computer -inactive 4 | dsrm

To find all users in the organizational unit
"ou=Marketing,dc=microsoft,dc=com" and add them to the Marketing Staff group:

    dsquery user ou=Marketing,dc=microsoft,dc=com |    dsmod group
        "cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" -addmbr

To find all users with names starting with "John" and display his office
number:

    dsquery user -name John* | dsget user -office

To display an arbitrary set of attributes of any given object in the
directory use the dsquery * command. For example, to display the
sAMAccountName, userPrincipalName and department attributes of the object
whose DN is ou=Test,dc=microsoft,dc=com:

    dsquery * ou=Test,dc=microsoft,dc=com -scope base
    -attr sAMAccountName userPrincipalName department

To read all attributes of the object whose DN is ou=Test,dc=microsoft,dc=com:

    dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *

Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.

------

Hopefully this helped you like it helped me!

UPDATED:  Need to add the full config because we missed 2 things, but here is a page I wanted to link to because it talks about how to deny users by using LDAP
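
The help text above says commas and backslashes inside DN values are backslash-escaped, so pulling the base DN out of a DN that dsquery returns cannot be a plain split on commas. This added example (not from the original post or from Microsoft's tooling) splits at unescaped commas only and returns the trailing DC= components; the function names and the sample lines are constructed for illustration.

```python
# Added example: derive the base DN from quoted DN lines such as dsquery prints,
# honouring the backslash escaping rules quoted in the help text.

def split_dn(dn):
    """Split a DN into RDNs at unescaped commas; a backslash escapes the next char."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            if i + 1 >= len(dn):
                raise ValueError("dangling backslash in DN: %r" % dn)
            buf.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma = RDN separator
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).lstrip())
    if any(not p or "=" not in p for p in parts):
        raise ValueError("malformed DN: %r" % dn)
    return parts

def base_dn(dn):
    """Return the trailing run of DC= components, i.e. the domain's base DN."""
    rdns = split_dn(dn.strip().strip('"'))
    dcs = []
    for rdn in reversed(rdns):
        if rdn.split("=", 1)[0].strip().upper() != "DC":
            break
        dcs.append(rdn)
    if not dcs:
        raise ValueError("no DC= components in %r" % dn)
    return ",".join(reversed(dcs))

# Constructed sample lines, built from the DNs used in the help text.
SAMPLE_OUTPUT = [
    r'"CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com"',
    r'"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com"',
    '"ou=Test,dc=microsoft,dc=com"',
]

if __name__ == "__main__":
    for line in SAMPLE_OUTPUT:
        print(base_dn(line), "<-", line)
```

A naive `dn.split(",")` would treat an escaped `\,DC=...` inside a name as a domain component and return the wrong base DN; the escape-aware split does not.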
