Active Directory attributes

This page contains tips on how to obtain the USERNAME and the USER BASE DN and GROUP BASE DN attributes when creating an Active Directory type user directory.

Username

All three attributes should be expressed with a valid LDAP syntax.

Normally a domain administrator should provide these values, however there is a way to get the USERNAME as a LDAP DN, that is needed for the Metadefender Update Downloader to do searches in the directory information tree, and it is as follows:

Log on to a Windows server machine that has connectivity to the Active Directory

  1. Choose a user that is intended for this purpose (ie: has rights to do searches in the tree)
  2. Open a Command window with elevated rights (Run as Administrator)
  3. Assuming example.com as domain and John Smith with account name john.smith as the user, type the following:
cmd

or

cmd

User base and group base DN

Once the user DN is obtained, an easy way to get the DNs for the user and group searches is by taking all the DC parts of the user DN and leaving the rest out, which results in the following DN:

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard