The World According to Mitch

The day to day ramblings of an IT Professional (and so much more…)

Distinguished Names for Complex Items

Distinguished Names are pretty simple, right? Well… it depends on several factors.  To figure out the DN for swmi.ca it is… dc=swmi,dc=ca.  An Organizational Unit is not much harder… Let’s take an OU called Toronto in the swmi.com domain… ou=Toronto,dc=swmi,dc=ca.  Simple.

But what happens when we add a little complexity to our environment?  Say… OUs within OUs, and domains within domains?  Here’s an example:

Domain: Canada.swmi.ca
OU: OntarioToronto

Okay, this is a little more complex… but it’s actually pretty easy, once you know what you are doing.

OU=Toronto,OU=Ontario,DC=Canada,DC=swmi,DC=ca

See? That’s not that much harder than the simple Distinguished name…it’s just longer.

Spaces… what happens when you add spaces into the names of your OUs?  Of course, the space is not a valid character in a domain name, but there is nothing stopping you from putting them into your OU names.  You know… aside from common sense ;’)

We know that in PowerShell (and most scripting- and command-line interfaces) you have to put quotes around names that have spaces.  But when I run a PowerShell script that includes the DN of an object, it will already have quotes around it… do I have to double-quote?

No.  Distinguished Names do not change because you are scripting.  So let’s look at an example:

Domain: Canada.swmi.ca
OU: OntarioToronto – File Servers

Take a deep breath… relax, and let’s do what we did before…

OU=File Servers,OU=Toronto,OU=Ontario,DC=Canada,DC=swmi,DC=ca

We can go on and on with this game… one particular client that I am working with right now has a domain with OUs embedded six levels deep.  It is crucial that I get the DN right when I am scripting… refer to my article on Failover Cluster OUs and you will see why.  My clusters must be placed in the right place.  So I spent the time to make sure I had it right… and it worked!

…So what if you are hesitant, unsure, unconfident?  Before you run your script, run a simple command to test it:

dsquery ou “OU=File Servers,OU=Toronto,OU=Ontario,DC=Canada,DC=swmi,DC=ca

A simple dsquery should return the following response:

“OU=File Servers,OU=Toronto,OU=Ontario,DC=Canada,DC=swmi,DC=ca”

Now this isn’t very exciting… it is just parroting back to me what I said, right?  Well know that the alternative is an error message (dsquery failed: A referral was returned from the server, or dsquery failed: Directory object not found) and not getting that is golden.

Distinguished Names can be intimidating… but with a little bit of knowledge, you should be on easy street!

Advertisement

Mitch Garvis

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: