Determining Parent Container of Objects Found by Searching in Active Directory Users and Computers (223399)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Datacenter Server

This article was previously published under Q223399

SUMMARY

When you search for objects such as Users, Computers, Contacts, and Groups in the Active Directory by using the Find command, you may need to identify where the objects are located within the Active Directory structure. This article describes how to display and interpret this additional information.

MORE INFORMATION

When an administrator right-clicks a container in the Active Directory Users and Computers Microsoft Management Console (MMC) Administration tool, the Find command allows searching for various types of objects and specifying conditions that must be met for the objects to be returned in the results. After performing the search, the results should be displayed in the bottom portion of the dialog box. By default, the Distinguished Name (DN), which is the hierarchical path to the object in the Active Directory, is not displayed.

The administrator can add a column to the view that displays the path to the object in the Active Directory identifying the parent container(s).

When Users, Contacts, and Groups Are Found

  1. On the View menu, click Choose Columns in the Find Users, Contacts, and Groups dialog box.
  2. In the Columns Available box, click X500 Distinguished Name, click Add, and then click OK.

Depending on how many levels deep the User, Contact, or Group is located, there may be multiple parent containers. Levels of hierarchy in the DN, and the separation of leaf objects from container objects, are identified by commas. To identify the direct parent of the object found, locate the first comma. The most immediate parent container is to the right of that comma. The name of the container may be preceded with "OU=" in place of "CN=", identifying it as an Organizational Unit.

For example, if the user "administrator" is found, the X500 Distinguished Name may display the following information, indicating that the "Administrator" account resides in the "Users" container directly beneath the root of the domain:

CN=Administrator,CN=Users,DC=Microsoft,DC=Com

However, if the user had been moved to an Organizational Unit used for the purpose of delegating permissions, this path might be:

CN=Administrator,OU=Security Admins,DC=Microsoft,DC=Com

Or, there may be several parent containers:

CN=Administrator,OU=Seattle,OU=Security Admins,DC=Microsoft,DC=Com

When Computers Are Found

The process to display the parent container for Computer objects found is very similar to the above steps, except for the attribute name to display and the format used.

  1. On the View menu, click Choose Columns in the Find Computers dialog box.
  2. In the Columns Available box, click Published At, click Add, and then click OK.

The path to the object displayed in the "Published At" column is presented in Canonical Name format. The path is read right to left, starting with the object found, with each level separated by a forward slash.

For example, if the computer "Server1" was found, the "Published At" column may display the following information, indicating that the "Server1" computer account resides in the "Computers" container directly beneath the root of the domain:

ntds://microsoft.com/Computers/SERVER1
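
The two reading rules above, applied in Python as an added example (not part of the original article): it finds the immediate parent from a distinguished name and rebuilds the canonical path. It goes beyond the article's samples by treating a backslash-escaped comma inside a name (such as `CN=Smith\, John`) as part of the name rather than a level separator; the function names and that DN are constructed for illustration.

```python
# Added example: names and the escaped-comma DN are constructed for illustration.

def split_dn(dn):
    """Split a DN into its components on commas that are not backslash-escaped."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma: next hierarchy level
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts

def parent_container(dn):
    """Return (parent DN, kind of the immediate parent)."""
    rdns = split_dn(dn)
    if len(rdns) < 2:
        raise ValueError("no parent container in %r" % dn)
    prefix = rdns[1].split("=", 1)[0].strip().upper()
    kinds = {"OU": "organizational unit", "CN": "container", "DC": "domain root"}
    return ",".join(rdns[1:]), kinds.get(prefix, "other")

def canonical_name(dn):
    """Rebuild the canonical path: dotted domain, then containers top-down.
    Escape sequences inside names are left as written."""
    rdns = [r.strip() for r in split_dn(dn)]
    is_dc = lambda r: r.upper().startswith("DC=")
    domain = ".".join(r.split("=", 1)[1] for r in rdns if is_dc(r))
    path = [r.split("=", 1)[1] for r in rdns if not is_dc(r)]
    return "/".join([domain] + path[::-1])

if __name__ == "__main__":
    for dn in ("CN=Administrator,CN=Users,DC=Microsoft,DC=Com",
               "CN=Administrator,OU=Seattle,OU=Security Admins,DC=Microsoft,DC=Com",
               "CN=Smith\\, John,OU=Seattle,DC=Microsoft,DC=Com"):  # constructed
        print(parent_container(dn), canonical_name(dn))
```
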

Determining the parent container for other objects in the Active Directory is very similar to the process outlined above. When a column is added to the view, this setting is saved (per user) for the next time the snap-in is used.

Modification Type: Major
Last Reviewed: 11/21/2003
Keywords: kbenv kbhowto KB223399