Understanding LDAP Search: CN, OU, and DC in Active Directory

LDAP (Lightweight Directory Access Protocol) is the standard protocol used to access and manage directory information services. In Active Directory, LDAP is used to search and retrieve information about objects in the directory.

When performing an LDAP search in Active Directory, there are three important attributes to understand: CN, OU, and DC.

CN stands for Common Name and is used to specify the name of an object in the directory. For example, the CN for a user object might be "John Smith".

OU stands for Organizational Unit and is used to specify the location of an object in the directory. An OU is a container that can hold other objects, such as users or groups. For example, an OU might be "Sales" or "IT".

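DC stands for Domain Component and is used to specify the domain name in the directory. A domain is a logical group of network objects, such as computers, printers, and users. For example, the DC for a domain might be "contoso.com"; in a distinguished name each label of the domain name is written as its own component, so this domain appears as DC=contoso,DC=com.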

When performing an LDAP search in Active Directory, you can use these attributes to narrow down your search to specific objects within the directory. For example, if you wanted to search for all user objects in the "Sales" OU of the "contoso.com" domain, you would use the following search filter:
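The post's own filter is not present on the page. As an added example (not the author's code), the Python sketch below builds the search for that case: OU and DC form the search base, which says where to look, and the filter says what to match. The helper names are assumptions, and values are escaped per RFC 4514 and RFC 4515 so that user-supplied names cannot alter the base or the filter.

```python
from typing import Optional

# Added example; helper names are assumptions, not a library API.
DN_SPECIALS = ',+"\\<>;='
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside a search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def search_base(ou: str, domain: str) -> str:
    """OU and DC say where to search, e.g. OU=Sales,DC=contoso,DC=com."""
    dcs = ",".join("DC=" + escape_dn_value(label) for label in domain.split("."))
    return "OU=" + escape_dn_value(ou) + "," + dcs

def user_filter(cn: Optional[str] = None) -> str:
    """The filter says what to match: user objects, optionally one CN."""
    clauses = "(objectCategory=person)(objectClass=user)"
    if cn is not None:
        clauses += "(cn=" + escape_filter_value(cn) + ")"
    return "(&" + clauses + ")"

if __name__ == "__main__":
    # Constructed sample values taken from the article's examples.
    print(search_base("Sales", "contoso.com"))
    print(user_filter())
    print(user_filter("John Smith"))
```

Pass the result of `search_base` as the search base and the result of `user_filter` as the filter of whichever LDAP client you use.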


In summary, understanding the CN, OU, and DC attributes in Active Directory is essential for performing effective LDAP searches. By using these attributes in your search filters, you can locate specific objects within the directory with ease.
