How do I build this LDAP connection string?

Question

I'm trying to retrieve user information in Active Directory, but am finding some things to be poorly documented. For example, the LDAP connection strings I have seen contain some keywords that I don't know the meaning of. Here's a sample:

LDAP://ofmdcoly302.ofm.wa.lcl/ou=employees,dc=ofm,dc=wa

What are the keywords "ou" and "dc" supposed to signify? In our case "ou=employees" seems to identify a particular AD node. However when I try to do a .FindAll() on the above directory entry, I get "A referral was returned from the server". I guess that means it couldn't find what I was looking for, but it might be available somewhere else? In one place I read "A referral is AD's way of saying, 'this object probably exists in another domain'".

What are "ou" and "dc" supposed to mean? And if I had this A/D structure, how would I code the LDAP connetion string to retrieve information in the "AR" node:

enter image description here

BartekB · Accepted Answer

This entry has two mistakes: it's not using root (dc=lcl), you also skipped one ou, should be ou=employees,ou=Users - OFMGOV,dc=ofm,dc=wa,dc=lcl

TBH if your really want to understand this notation I would suggest using ADSI Edit instead of ADUC that you probably use ATM - it will show you path the same way, so it will be easier to translate. It will also prevent you from shooting yourself in a foot with special containers like 'CN=Users' and 'CN=Computers':

Looking at LDAP Paths in ADSI Edit

For the OU you have highlighted it would most likely be:

ou=AR,ou=Citrix,ou=Users - OFMGOV,dc=ofm,dc=wa,dc=lcl

How do I build this LDAP connection string?

Answers (2)

Related Questions