I’ve recently been involved in setting up a number of SaaS applications for my organisation which use our on-premise Active Directory to authenticate users. Whilst most of the time constructing a LDAP Distinguished Name from an AD tool such as Active Directory Users and Computers is straightforward, it’s easy to mis-spell an OU or miss out a layer in a complex hierarchy.
The right tool for the job is ADSI Edit -“Active Directory Services Interface”. This provides the full Distinguished Name for every object- be it an Organisational Unit, User, Computer, Group, Organisational Unit etc. which can be copied from the listing.
For more information about ADSI Edit- visit the Microsoft TechNet Pages.