Understanding LDAP Search: CN, OU, and DC in Active Directory
LDAP (Lightweight Directory Access Protocol) is the standard protocol used to access and manage directory information services. In Active Directory, LDAP is used to search and retrieve information about objects in the directory.
When performing an LDAP search in Active Directory, there are three important attributes to understand: CN, OU, and DC.
CN stands for Common Name and is used to specify the name of an object in the directory. For example, the CN for a user object might be "John Smith".
OU stands for Organizational Unit and is used to specify the location of an object in the directory. An OU is a container that can hold other objects, such as users or groups. For example, an OU might be "Sales" or "IT".
DC stands for Domain Component and is used to specify the domain name in the directory. A domain is a logical group of network objects, such as computers, printers, and users. Each label of the DNS domain name becomes its own DC component. For example, the domain "contoso.com" is written as DC=contoso,DC=com.
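When performing an LDAP search in Active Directory, you can use these attributes to narrow down your search to specific objects within the directory. A filter compares an object's own attributes, while the OU and domain an object lives in are part of its distinguished name, so they go in the search base rather than in the filter. For example, if you wanted to search for all user objects in the "Sales" OU of the "contoso.com" domain, you would use the following search base and search filter:
Search base: OU=Sales,DC=contoso,DC=com
Search filter: (objectCategory=user)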
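The following Python example is added here and is not code from the original article. It splits a distinguished name into its CN, OU and DC components, and builds a search base and filter from input values using the escaping defined in RFC 4514 and RFC 4515, so that characters in a name are treated as data rather than as DN or filter syntax. The function names and sample values are assumptions made for illustration.

```python
# Added example: standard library only; function names are illustrative.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape an attribute value for a distinguished name (RFC 4514)."""
    out = ["\\" + ch if ch in ',+"\\<>;=' else ch for ch in value]
    if out and out[0] in ("#", " "):   # leading '#' or space must be escaped
        out[0] = "\\" + out[0]
    if out and out[-1] == " ":         # so must a trailing space
        out[-1] = "\\ "
    return "".join(out)


def build_search_base(ous, domain):
    """OU names (innermost first) plus a DNS domain name -> search base DN."""
    rdns = ["OU=" + escape_dn_value(ou) for ou in ous]
    rdns += ["DC=" + escape_dn_value(label) for label in domain.split(".")]
    return ",".join(rdns)


def build_user_filter(common_name):
    """Filter for user objects whose CN equals common_name exactly."""
    return "(&(objectCategory=user)(cn=" + escape_filter_value(common_name) + "))"


def split_dn(dn):
    """Split a DN into (type, value) pairs, leaving escaped commas inside values."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escape pair together
        elif dn[i] == ",":
            rdns, cur, i = rdns + [cur], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return [tuple(r.split("=", 1)) for r in rdns + [cur]]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(split_dn("CN=John Smith,OU=Sales,DC=contoso,DC=com"))
    print(build_search_base(["Sales"], "contoso.com"))
    print(build_user_filter("Smith (Temp)*"))
```

Pass the search base and the filter to the directory client as separate arguments. The DN escaping applies only to the base and the filter escaping only to the filter.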
In summary, understanding the CN, OU, and DC attributes in Active Directory is essential for performing effective LDAP searches. By using these attributes in your searches, you can locate specific objects within the directory with ease.