Solved

What is my DC?

Posted on 2011-02-10
Last Modified: 2012-05-11
Windows 2003 AD Server and RSA

I'm trying to connect RSA Auth Manager to my AD. It wants "User Base DN" and "User Group Base DN".

My domain is corp.company.com

User Base DN: cn=users,DC=corp,DC=company,DC=com
User Group Base DN: ou=Groups,DC=corp,DC=company,DC=com

It didn't like that answer.  How do I find the answers in AD?
0
Question by:md168
14 Comments
 

Expert Comment

by:s3trios
ID: 34866301
Active Directory users and computers>computers>domain Controllers
0
 
LVL 3

Expert Comment

by:cmscheetz
ID: 34866359
In Active directory go to the OU that stores your users. Right click and go to properties. Click on the Attribute Editor tab. Copy the value in the distinguishedName.

Though if your users are in the users OU and the groups are in the groups OU, then what you have is already correct. There must be something else misconfigured.
0
 
LVL 4

Expert Comment

by:IceCode
ID: 34866366
It might not like that you are using the default "users" container, it is not an organization unit (OU).  Try creating an OU named after your company and make a "users" OU and "security groups" OU under that, then update your DNs accordingly.  I.e. ou=users, ou="My Company", dc=corp, dc=company, dc=com.

It looks right otherwise.
0
 

Author Comment

by:md168
ID: 34866409
s3trios: clicking on domain controllers shows my two domain controllers.  

cmscheetz: When I right click on corp.company.com and select properties, there is no Attribute Editor tab.  Does this exist in Win2003?
0
 
LVL 3

Expert Comment

by:cmscheetz
ID: 34866426
Sorry, go to View and check Advanced Features. You will see it after that.
0
 

Author Comment

by:md168
ID: 34866483
cmscheetz: Advanced Features is already checked.  I looked at both my domain controllers and when I right click on corp.company.com, the tabs are General, Managed By, Object, Security, and Group Policy.  Do I need to install something to view the tab?
0
 
LVL 4

Expert Comment

by:IceCode
ID: 34866507
Use adsiEdit.msc; it shows the DN for every object right in the MMC.  If you don't have it you can download it, but it comes with Win 7.
0

 
LVL 3

Expert Comment

by:cmscheetz
ID: 34866513
Sorry! I just looked into it and this is a new feature in 2k8. But again your Distinguished Name is correct as long as your users are in the default users and not an OU you created outside of it.
0
 
LVL 3

Expert Comment

by:cmscheetz
ID: 34866598
Apparently there are issues if the query returns too many results. Here is an article explaining. I hope it helps.

http://theether.net/kb/100055
0
 
LVL 3

Accepted Solution

by:
cmscheetz earned 250 total points
ID: 34866616
And on this install guide they use ou=users instead of cn=users.

http://www.edutech.me.uk/technical/installing-rsa-authentication-manager-7-1/
0
 
LVL 4

Assisted Solution

by:IceCode
IceCode earned 250 total points
ID: 34866644
The default AD page size cmscheetz refers to is 1000. I'm guessing by the fact that you are using the default users container that you have nowhere near this many results.  If your directory is larger, this could be an issue though.

Regarding cn vs ou.  CN is correct for the default users container.  If the app doesn't like it you should create a new OU as I said in my first post.
0
 

Author Comment

by:md168
ID: 34866783
Odd.   I got it to accept the following.

User Base DN: DC=corp,DC=company,DC=com
User Group Base DN: DC=corp,DC=company,DC=com

I removed cn=users and ou=Groups.

Do you think this will work?  I appreciate your help.
0
 
LVL 4

Expert Comment

by:IceCode
ID: 34868018
Hard to say without seeing what you are seeing.  I would just test it and see if you get the results you are expecting.  If it does work it is just scanning all of AD, which isn't the most efficient but may be fine with a relatively small directory.
0
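Added example, not part of any post in this thread: a small Python check that runs the candidate base DNs discussed above (cn=users, ou=users, and the bare domain root) against a list of DNs as they might be copied out of ADSI Edit. The DIRECTORY list and all function names are assumptions made for illustration; the list is constructed sample data, not an export from the asker's domain.

```python
# Constructed sample: DNs as they might be copied from ADSI Edit (assumption).
DIRECTORY = [
    "CN=Users,DC=corp,DC=company,DC=com",
    "OU=Groups,DC=corp,DC=company,DC=com",
]

def split_rdns(dn):
    """Split a DN into (TYPE, value) pairs; a backslash escapes the next char."""
    parts, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            buf, escaped = buf + ch, True
        elif ch == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns

def domain_to_dn(dns_name):
    """corp.company.com -> DC=corp,DC=company,DC=com"""
    return ",".join("DC=" + label for label in dns_name.split("."))

def check_base_dn(candidate, dns_domain, directory):
    """Return a list of findings; an empty list means the DN looks usable."""
    cand = split_rdns(candidate)
    root = split_rdns(domain_to_dn(dns_domain))
    if cand[-len(root):] != root:
        return ["not under " + domain_to_dn(dns_domain)]
    if cand == root:
        return ["domain root: every search walks the whole directory"]
    known = [split_rdns(dn) for dn in directory]
    if cand in known:
        return []
    # Same name and parent but a different RDN type, e.g. OU=Users vs CN=Users.
    for k in known:
        if len(k) == len(cand) and k[1:] == cand[1:] and k[0][1] == cand[0][1]:
            return ["no such object; did you mean %s=%s?" % k[0]]
    return ["no such object in the sample directory"]
```

A finding for the domain root is not an error: the DN is valid, but it gives the identity source visibility of every object in the domain rather than only the users and groups containers.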
 

Author Closing Comment

by:md168
ID: 34982460
I got it working.  Thanks for the help.
0
