What is my DC?

Windows 2003 AD Server and RSA

I'm trying to connect RSA Auth Manager to my AD. It wants "User Base DN" and "User Group Base DN".

My domain is corp.company.com

User Base DN: cn=users,DC=corp,DC=company,DC=com
User Group Base DN: ou=Groups,DC=corp,DC=company,DC=com

It didn't like that answer.  How do I find the answers in AD?
md168Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
ShawnConnect With a Mentor Sr. Network AdministratorCommented:
And on this install guide they use ou=users instead of cn=users.

http://www.edutech.me.uk/technical/installing-rsa-authentication-manager-7-1/
0
 
s3triosCommented:
Active Directory users and computers>computers>domain Controllers
0
 
ShawnSr. Network AdministratorCommented:
In Active directory go to the OU that stores your users. Right click and go to properties. Click on the Attribute Editor tab. Copy the value in the distinguishedName.

Though if your users are in the users OU and the groups are in the groups OU, then what you have is already correct. there must be something else mis configured.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
IceCodeCommented:
It might not like that you are using the default "users" container, it is not an organization unit (OU).  Try creating an OU named after your company and make a "users" OU and "security groups" OU under that, then update your DNs accordingly.  I.e. ou=users, ou="My Company", dc=corp, dc=company, dc=com.

It looks right otherwise.
0
 
md168Author Commented:
s3trios: clicking on domain controllers shows my two domain controllers.  

cmscheetz: When I right click on corp.company.com and select properties, there is no Attribute Editor tab.  Does this exist in Win2003?
0
 
ShawnSr. Network AdministratorCommented:
Sorry, Go to View and check Advanced Features. You will see it after that.
0
 
md168Author Commented:
cmscheetz: Advanced Features is already checked.  I looked at both my domain controllers and when I right click on corp.company.com, the tabs are General, Managed By, Object, Security, and Group Policy.  Do I need to install something to view the tab?
0
 
IceCodeCommented:
Use adsiEdit.msc it shows the DN for every object right in the mmc.  If you don't have it you can download it, but it comes with Win 7.
0
 
ShawnSr. Network AdministratorCommented:
Sorry! I just looked into it and this is a new feature in 2k8. But again your Distinguished Name is correct as long as your users are in the default users and not an OU you created outside of it.
0
 
ShawnSr. Network AdministratorCommented:
Apparently there are issues if the query returns too many results. Here is an article explaining. I hope it helps.

http://theether.net/kb/100055
0
 
IceCodeConnect With a Mentor Commented:
The default AD page size cmscheetz refers to is 1000, I'm guessing by the fact that you are using the default users container that you have no where near this many results.  If your directory is larger, this could be an issue though.  

Regarding cn vs ou.  CN is correct for the default users container.  If the app doesn't like it you should create a new OU as I said in my first post.
0
 
md168Author Commented:
Odd.   I got it to accept the following.

User Base DN: DC=corp,DC=company,DC=com
User Group Base DN: DC=corp,DC=company,DC=com

I removed cn=users and ou=Groups.

Do you think this will work?  I appreciate your help.
0
 
IceCodeCommented:
Hard to say without seeing what you are seeing.  I would just test it and see if you get the results you are expecting.  If it does work it is just scanning all of AD which isn't the most effecient but may be fine with a relatively small directory.
0
 
md168Author Commented:
I got it working.  Thanks for the help.
0
All Courses

From novice to tech pro — start learning today.