How to determine the base DN (distinguishedName) for the DLP Enforce AD Directory Connection


Article ID: 267821


Updated On: 06-13-2023


Data Loss Prevention Data Loss Prevention Enforce


You are configuring a Directory Connection in the DLP Enforce Console to use User Groups synchronization from Active Directory for policies or user management. This article presents a simple way of obtaining the correct distinguishedName from AD to use in the Directory Connection configuration. The base DN is the distinguishedName of the object from which the user lookup starts. The lookup searches down the object tree from this point; it does not look upwards. It is recommended to point to an OU or Container that will contain users only.


15.8 or later


1. Connect to your Active Directory server

2. Open "Active Directory Users and Computers" (dsa.msc)

3. Open the View menu and enable "Advanced Features"

4. Locate the OU/Container which will contain users that should be synchronized with the Enforce server. 

5. Right-click the OU/Container and open Properties

6. In the Properties window, switch to the "Attribute Editor" tab and find "distinguishedName" in the attribute list

7. Open the distinguishedName attribute by double-clicking it or using the "View" button

8. The entry displayed in the Value field is the base DN to be used in the Directory Connection configuration.
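
The same lookup from PowerShell, as an added example that is not part of the original article: it returns the distinguishedName of every OU/Container matching a name and summarizes what sits beneath it, since the lookup only walks down from the base DN and a users-only OU is recommended. It assumes the ActiveDirectory module (RSAT) is installed; the function name `Get-BaseDnCandidate` and the name 'DLP Users' are hypothetical.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-BaseDnCandidate {
    param(
        # Name of the OU/Container as shown in Active Directory Users and Computers.
        # Assumption: the name contains no LDAP filter metacharacters ( * ( ) \ ).
        [Parameter(Mandatory)] [string] $Name
    )

    # The same name can exist in several places in the tree, so report every match.
    $ldap = "(&(name=$Name)(|(objectClass=organizationalUnit)(objectClass=container)))"

    foreach ($node in Get-ADObject -LDAPFilter $ldap) {
        # Everything below the candidate base DN is in scope for the directory lookup.
        $below = @(Get-ADObject -SearchBase $node.DistinguishedName -SearchScope Subtree -Filter * |
            Where-Object { $_.DistinguishedName -ne $node.DistinguishedName })

        $users = @($below | Where-Object ObjectClass -eq 'user').Count

        # Anything that is neither a user nor a structural OU/Container (computers,
        # groups, contacts, ...) means the subtree is not users-only.
        $other = $below |
            Where-Object { $_.ObjectClass -notin 'user', 'organizationalUnit', 'container' } |
            Group-Object ObjectClass |
            ForEach-Object { '{0}={1}' -f $_.Name, $_.Count }

        [pscustomobject]@{
            DistinguishedName = $node.DistinguishedName   # value to use as the base DN
            ObjectClass       = $node.ObjectClass
            Users             = $users
            NonUserObjects    = ($other -join ', ')
            UsersOnly         = (-not $other)
        }
    }
}

# 'DLP Users' is a constructed OU name; replace it with the OU/Container from step 4.
Get-BaseDnCandidate -Name 'DLP Users' | Format-List
```

If more than one entry is returned, pick the DistinguishedName whose path matches the OU/Container you located in the console.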