JSI Tip 9415. Three ways to convert a user name (sAMAccountName) to a distinguished name (distinguishedName).

There are normally many ways to accopmlished task. This tip presents 3 scripts to convert a user name (sAMAccountName) to a distinguished name (distinguishedName).

The three methods used are:

DSQuery

DSQuery is an Active Directory command-line tool.

NOTE: See tip 7714 What attribute names can I use with the user filtered dsquery command?
NOTE: See tip 7992 How do I know what attribute names to use when performing a 'DSQUERY *'?

I have scripted SAMID2DN.bat to convert a user's sAMAccountName to their distinguishedName.

The syntax for using SAMID2DN.bat is:

call SAMID2DN UserName

Where UserName is the NetBIOS user name, like Jerry. Wild cards are supported, so using J* will return the distinguished name of all users whose UserName starts with J. The output is displayed on the console, but can be redirected to a file, or processed in a FOR command.

SAMID2DN.bat contains:

@echo offif {%1}

<h1><a name="_echo_Syntax_SAMID2DN_Samid_amp_goto_EOF_setlocal_ENABLEDELAYEDEXPANSION_set_user_1_set_user_user_set_qry_dsquery_domainroot_filter_amp_objectCategory_Person_objectClass_User_sAMAccountName_user_attr_distinguishedName_L_limit_0_set_dn_NONE_for_f_Tokens_u_in_qry_do_set_dn_u_echo_dn_endlocal_pre_a_href_#Begin_Back_to_the_top_a_p_a_name_ADFind_a_p_p_p_h3_ADFind_h3_a_href_article_jsifaq_jsi_tip_5898_freeware_adfind_aspx_b_ADFind_exe_b_freeware_a_I_have_scripted_b_SAMID2DNadf_bat_b_to_convert_a_user_s_b_sAMAccountName_b_to_their_b_distinguishedName_b_p_The_syntax_for_using_b_SAMID2DNadf_bat_b_is_p_p_b_call_SAMID2DNadf_UserName_b_p_p_Where_b_UserName_b_is_the_b_NetBIOS_b_user_name_like_b_Jerry_b_Wild_cards_are_supported_so_using_b_J_b_will_return_the_distinguished_name_of_all_users_whose_b_UserName_b_starts_with_b_J_b_The_output_is_displayed_on_the_console_but_can_be_redirected_to_a_file_or_processed_in_a_b_FOR_b_command_p_p_font_size_1_b_SAMID2DNadf_bat_b_font_contains_p_pre_echo_off_if_1_" id="_echo_Syntax_SAMID2DN_Samid_amp_goto_EOF_setlocal_ENABLEDELAYEDEXPANSION_set_user_1_set_user_user_set_qry_dsquery_domainroot_filter_amp_objectCategory_Person_objectClass_User_sAMAccountName_user_attr_distinguishedName_L_limit_0_set_dn_NONE_for_f_Tokens_u_in_qry_do_set_dn_u_echo_dn_endlocal_pre_a_href_#Begin_Back_to_the_top_a_p_a_name_ADFind_a_p_p_p_h3_ADFind_h3_a_href_article_jsifaq_jsi_tip_5898_freeware_adfind_aspx_b_ADFind_exe_b_freeware_a_I_have_scripted_b_SAMID2DNadf_bat_b_to_convert_a_user_s_b_sAMAccountName_b_to_their_b_distinguishedName_b_p_The_syntax_for_using_b_SAMID2DNadf_bat_b_is_p_p_b_call_SAMID2DNadf_UserName_b_p_p_Where_b_UserName_b_is_the_b_NetBIOS_b_user_name_like_b_Jerry_b_Wild_cards_are_supported_so_using_b_J_b_will_return_the_distinguished_name_of_all_users_whose_b_UserName_b_starts_with_b_J_b_The_output_is_displayed_on_the_console_but_can_be_redirected_to_a_file_or_processed_in_a_b_FOR_b_command_p_p_font_size_1_b_SAMID2DNadf_bat_b_font_contains_p_pre_echo_off_if_1_">{} @echo Syntax: SAMID2DN Samid &amp;goto :EOFsetlocal ENABLEDELAYEDEXPANSIONset user=%1set user=%user:"=%set qry=dsquery * domainroot -filter "(&amp;(objectCategory=Person)(objectClass=User)(sAMAccountName=%user%))" -attr distinguishedName -L -limit 0set dn=NONEfor /f "Tokens=*" %%u in ('%qry%') do ( set dn=%%u @echo "!dn!")endlocal</a></h1>

Back to the top

ADFind

ADFind.exe freeware, I have scripted SAMID2DNadf.bat to convert a user's sAMAccountName to their distinguishedName.

The syntax for using SAMID2DNadf.bat is:

call SAMID2DNadf UserName

Where UserName is the NetBIOS user name, like Jerry. Wild cards are supported, so using J* will return the distinguished name of all users whose UserName starts with J. The output is displayed on the console, but can be redirected to a file, or processed in a FOR command.

SAMID2DNadf.bat contains:

@echo offif {%1}{} @echo Syntax: SAMID2DNadf Samid &goto :EOFsetlocal ENABLEDELAYEDEXPANSIONset user=%1set user=%user:"=%set qry=adfind -default -f "&(objectcategory=person)(samaccountname=%user%)" -ps 1000 -nodn -noctlset dn=NONEfor /f "Tokens=*" %%u in ('%qry%^|findstr /b /l /c:">distinguishedName: "') do ( set dn=%%u set dn=!dn:^>distinguishedName: =! @echo "!dn!")endlocal

Back to the top

NameTranslate

Richard Mueller describes NameTranslate, the IADsNameTranslate interface, which can be used to convert the names of Active Directory objects from one format to another:

Back to the top