user2502611

Reputation: 147

LDAP CN as a container

I was running a script to pull back LDAP paths, and I noticed that some DNs have 2 CN entries, e.g.

CN=User1,CN=Users,DC=....
CN=User1,CN=Users,DC=....

I was wondering if this was possible to have set up inside AD, and if it is, then why would an OU not be used instead of 2 CNs. I was under the impression that best practice would be to only have 1 CN as the terminal object.

Thanks for reading.

Upvotes: 0

Views: 2942

Answers (1)

Gabriel Luci

Reputation: 40928

Those user DNs you show are in the built-in Users container. Note that it is a container, not an OU. Thus, it is indicated in a distinguished name with "CN".

An OU is indicated with "OU".

The difference between a container and OU was answered here, but in short, the only difference really is that you cannot specify group policies on containers (but they do inherit policies).

Upvotes: 2
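The CN-versus-OU distinction from the answer above, as an added example that is not part of the original question or answer: it splits each DN into RDNs (honouring escaped commas) and reports whether the object's direct parent is a `CN=` container or an `OU=`, so objects sitting in containers such as Users can be listed. The DNs, the `example.com` domain and the function names are constructed for illustration, and the classification looks only at the parent's naming attribute.

```python
# Added example. Sample DNs below are constructed; function names are hypothetical.

def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair, e.g. "\," in a name
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).lstrip())
    return rdns


def parent_kind(dn):
    """Return (parent RDN, kind) judged only by the parent's naming attribute."""
    rdns = split_rdns(dn)
    if len(rdns) < 2:
        return None, "none"
    attr = rdns[1].split("=", 1)[0].strip().upper()
    kind = {"CN": "container", "OU": "ou", "DC": "domain"}.get(attr, "other")
    return rdns[1], kind


def in_containers(dns):
    """DNs whose direct parent is a CN= container, where a GPO cannot be set directly."""
    return [dn for dn in dns if parent_kind(dn)[1] == "container"]


SAMPLE_DNS = [  # constructed sample data
    "CN=User1,CN=Users,DC=example,DC=com",
    "CN=Smith\\, Jane,OU=Staff,DC=example,DC=com",
    "CN=PC01, CN=Computers, DC=example, DC=com",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(dn, "->", parent_kind(dn))
```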
