If you are working with Active Directory, it is essential to understand distinguished names (DNs) and their hierarchy. A DN identifies each object in Active Directory uniquely and follows a hierarchical structure.
The Hierarchy of a Distinguished Name
The highest level of the DN hierarchy is the DC (domainComponent) attribute. Within the domain components, the extension ranks higher in the hierarchy than the domain name. Next comes the domain name attribute, and if the object belongs to a container such as an OU, the container attributes follow in the DN hierarchy. Note that if an object belongs to two OUs, the lower-level OU comes first in the DN, followed by the higher-level OU.
Relative Distinguished Name (RDN)
LDAP DNs start with the most specific attribute, usually a name, and then progress to broader attributes, typically ending with a country attribute. The first component of a DN is called a Relative Distinguished Name (RDN). It distinguishes an entry from other entries that share the same parent. For example, in the DNs “cn=Ben Gray” and “cn=Lucille White,” the attribute “cn” together with the value “Ben Gray” or “Lucille White” is what distinguishes each entry.
Remember that the attribute=value combination that makes up the RDN of an entry must also be present within the entry itself. If it is missing from the record, an error results.
Distinguished names (DNs) uniquely identify every object in Active Directory, and they follow a hierarchical structure. The DC attribute is the highest level of the hierarchy, followed by the domain name attribute and then the container’s attributes. The first component of the DN is the Relative Distinguished Name (RDN), which distinguishes an entry from other entries. Understanding DNs is very important if you’re working in Active Directory.
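The ordering rules above (RDN first, lower-level OU before higher-level OU, domain name before extension) can be checked in code. The following Python sketch is an added example, not code from the original page: it splits a DN without breaking on escaped commas, a common source of wrong OU or group matches when tools compare DNs as plain strings. The function names and the sample DN are constructed for illustration, and it assumes single-valued RDNs with backslash escaping only.

```python
import re

# Constructed sample DN (not from the page); the CN value contains an escaped comma.
SAMPLE = r"CN=Gray\, Ben,OU=Sales,OU=Staff,DC=example,DC=com"
# One DN component: any run of escaped characters or characters other than "\" and ",".
COMPONENT = r"(?:\\.|[^\\,])+"

def split_unescaped(dn):
    """Split a DN on commas, keeping backslash-escaped commas inside their component."""
    if not re.fullmatch(rf"{COMPONENT}(?:,{COMPONENT})*", dn):
        raise ValueError(f"malformed DN: {dn!r}")
    return re.findall(COMPONENT, dn)

def unescape(value):
    """Decode \\XX hex pairs and single-character escapes such as \\, (UTF-8 aware)."""
    def decode(m):
        token = m.group(1)
        return bytes([int(token, 16)]) if len(token) == 2 else token
    return re.sub(rb"\\([0-9A-Fa-f]{2}|.)", decode, value.encode(), flags=re.S).decode()

def parse_dn(dn):
    """Return [(attribute, value), ...] ordered from the RDN up to the top-level DC."""
    rdns = []
    for part in split_unescaped(dn):
        attr, eq, value = part.lstrip().partition("=")
        if not eq or not attr.strip():
            raise ValueError(f"malformed RDN component: {part!r}")
        rdns.append((attr.strip().upper(), unescape(value)))
    return rdns

def describe(dn):
    """Summarise the hierarchy: RDN, parent DN, DNS domain and OU path (top OU first)."""
    rdns = parse_dn(dn)
    return {
        "rdn": rdns[0],
        "parent": ",".join(p.lstrip() for p in split_unescaped(dn)[1:]),
        "domain": ".".join(v for a, v in rdns if a == "DC"),
        "ou_path": [v for a, v in reversed(rdns) if a == "OU"],
    }
```

A naive split on every comma would cut the sample into six components and treat " Ben" as a container, which is why the escape handling matters before any decision is made on OU membership.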
What is the function of a distinguished name?
The function of a distinguished name is to uniquely identify an object in Active Directory; it follows a hierarchical structure.
What is the highest level in the hierarchical structure of a distinguished name?
The highest level of hierarchy in a distinguished name is the domainComponent (DC) attribute.
What is Relative Distinguished Name (RDN)?
The Relative Distinguished Name (RDN) is the first component of the DN, which distinguishes an entry from other entries that share the same parent. It distinguishes one object from another.
Understanding distinguished names and their hierarchy in Active Directory can be confusing. However, it is essential to ensure successful directory management. We hope the information we have shared has made it easier for you to understand distinguished names and their significance in Active Directory.