JSI Tip 7534. How can I use DsFind with attributes that require a Distinguished Name syntax?

NOTE: The text in the following Microsoft Knowledge Base article is provided so that the site search can find this page. Please click the Knowledge Base link to insure that you are reading the most current information.

Microsoft Knowledge Base article Q811509 contains:

View products that this article applies to.



When you perform an advanced search, for some objects' attributes you must know the distinguished name (also known as DN) of the object that you are searching against. Every object is stored in the directory database according to its relative distinguished name (also known as RDN) and parent identifier. Therefore, if you know the relative distinguished name of an object, you can determine the full distinguished name by following the references to the parent objects and finally to the root object. For example, the distinguished name of a user object might be


, where the series of relative distinguished names (dc=DomainName) identifies the DNS domain of the object.

back to the top

Perform an Advanced Search

  1. In Active Directory Users and Computers, right-click the domain name that is at the top of the hierarchy.
  2. From the Context menu, click Find.
  3. From the Find combo box, click the object that you want to search for (for example, Users, contacts, and groups, Computers, Printers, and others).
  4. If multiple domains exist through trusts, you can use the In combo box to select a different domain.
  5. Click the Advanced tab.
  6. Click to select a field from the list.
  7. If the Condition: drop-down list does not include either the Starts with or the Ends with options, the Value: box may have to contain the distinguished name of the object you are searching for. View the list of objects later in this article for more information.
  8. Type the value.
  9. Click Add to add the search condition to the list.
  10. Repeat steps 6 - 9 to add all the search conditions to the list.
  11. After the list is complete, click Find now to generate a list of all the objects that meet the specified conditions.
back to the top

List of Objects and Their Attributes that Require a Distinguished Name as a Value

Users and contacts: Direct reports, manager, member of, X500 Distinguished Name.
Groups: Managed by, members, X500 Distinguished Name
Computers: Managed by Printers
Contact Shared folders: Managed by
Organizational Unit: Managed by

back to the top

The information in this article applies to:

  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, 64-Bit Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.