LDAP (Lightweight Directory Access Protocol) is a directory service protocol that provides a mechanism to connect to, query, and update directories such as Active Directory. The LDAP directory service is based on a client-server model. The data model (data and namespace) of LDAP is similar to that of the X.500 directory service standards.
Active Directory differs from an X.500 directory: it uses LDAP as its access protocol and supports the X.500 information model without requiring systems to host the entire X.500 overhead. This gives a high level of interoperability for administering complex networks.
LDAP naming paths are used to access Active Directory objects and include the following:
Distinguished Name
Relative Distinguished Name
Distinguished Name
The Distinguished Name gives the complete path of the object.
For example:
cn=Ganesh,ou=Consultants,ou=Users,dc=Domain,dc=com
Relative Distinguished Name
The Relative Distinguished Name is the portion of the Distinguished Name that uniquely identifies the object. For example:
cn=Ganesh
ou=Consultants
dc=Domain
The keywords are:
cn: Common Name
ou: Organizational Unit
dc: Domain Component
These are the three keywords mainly used in Active Directory LDAP. Other directory systems (such as Sun ONE or Unix LDAP directories) often use different keywords for their container objects. The following are not used in Active Directory LDAP:
l: Location
o: Organization
st: State/Province/Federal State
c: Country
The ‘organization’ keyword (o) is often used as the top level of a non-AD directory system, whereas in Active Directory environments the dc keywords always represent the top level.
Complete LDAP Paths
If you are running a VBScript, you have to provide not only the Distinguished Name (DN) of a directory object but a complete LDAP pathname in URL (Uniform Resource Locator) form.
Two elements need to be added to the distinguished name: the label of the LDAP protocol and the name of the server to which you want to connect.
For example:
LDAP://server/distinguished-name
If the server name is not given, it connects to the local PC where the query runs:
LDAP://cn=Ganesh,ou=Consultants,ou=Users,dc=Domain,dc=com
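The naming rules above can be checked in code. The following is an added example, not part of the original page and not an ADSI API: it splits a DN into its RDNs, escapes an untrusted value before it is placed in a DN (so a comma in a name cannot introduce extra RDNs), and builds the LDAP:// path. The function names and the sample name "Smith, John" are constructed for illustration.

```python
# Added example; function names are illustrative, not an ADSI or AD API.
SPECIAL = '",+;<>\\'          # characters RFC 4514 requires escaping in a value

def split_dn(dn):
    """Split a DN into (keyword, value) RDN pairs, honouring backslash escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":                 # unescaped comma ends an RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        key, sep, value = part.lstrip().partition("=")
        if not (sep and key.strip() and value):
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((key.strip().lower(), value))
    return rdns

def escape_rdn_value(value):
    """Escape an untrusted value so it cannot add or alter RDNs in a DN."""
    out = []
    last = len(value) - 1
    for i, c in enumerate(value):
        edge = (i == 0 and c in "# ") or (i == last and c == " ")
        if c == "\x00":
            out.append("\\00")
        elif c in SPECIAL or edge:
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def ldap_path(dn, server=None):
    """Build the LDAP://server/distinguished-name form; server is optional."""
    split_dn(dn)                         # reject malformed input early
    return "LDAP://" + (server + "/" if server else "") + dn

if __name__ == "__main__":
    dn = "cn=" + escape_rdn_value("Smith, John") + ",ou=Users,dc=Domain,dc=com"
    print(split_dn(dn)[0])               # the object's own RDN
    print(ldap_path(dn, "server"))
```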