In Active Directory are Users always stored in the Users folder?
I am in a position where I am working with some very basic AD authentication. Basically as long as I can bind with some credentials, I consider a user authenticated with AD and I'm done. The difficult thing is I don't have access to the AD server and know very little about AD in general. So I cannot answer my own simple question and my requirement is kind of odd.
I need to let a user manually log in (by typing a user name and password) to a different AD login via LDAP than they are currently logged in as in Windows through a Chrome browser. So they are "authenticated" via NTLM, but now they can log in as someone else. Yes, weird, but that's the requirement.
From the initial NTLM process between the browser and Node.js, I get the URL to the AD and I get 3/4 attributes that I think I need. I get 3 DC attributes which match what I expect, but I don't get the CN, which in my case is CN=Users. Basically it looks something like
CN=Users,DC=ABC1,DC=ABC2,DC=ABC3
But from the initial NTLM I don't get the CN=Users anywhere.
So to my question! In AD, is the folder that contains users always called Users? Or am I a bit screwed since I cannot obtain that final CN value from the initial NTLM process? Maybe there is another NTLM message I can send to get more info?
Thanks.
No, Users is just a container. Users and other objects can be stored in Organizational Units (OUs). As the documentation says:
OUs provide a means for administrators to group resources, such as user accounts or computer accounts, so that the resources can be managed as one unit. This makes it much easier to apply Group Policy to multiple computers or to control the access of many users to a single resource. OUs also make it easier to delegate control over resources to various administrators.
The string you are talking about is a Distinguished Name (DN) (example: CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM).
However, I don't understand why you want to retrieve the DN for the user while logging in. You should be able to log on with the UPN (User Principal Name), such as: [email protected]
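To illustrate the answer's point in Node.js, here is an added example (not code from the question or the answer) that binds with a UPN built from the DC components NTLM already supplied, then searches from the domain root to find the user's object whatever OU holds it. It assumes the ldapjs npm package; the host, account name and DNs are constructed.

```javascript
// Added example: UPN bind plus DN lookup from the domain root. Assumes ldapjs (npm);
// all names and DNs below are constructed sample values, not from any real directory.

// Split a DN into its RDNs, honouring backslash-escaped commas (e.g. "Smith\, Jeff").
function parseDn(dn) {
  const rdns = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\' && i + 1 < dn.length) { cur += ch + dn[++i]; continue; }
    if (ch === ',') { rdns.push(cur.trim()); cur = ''; continue; }
    cur += ch;
  }
  if (cur.trim()) rdns.push(cur.trim());
  return rdns.map(r => {
    const eq = r.indexOf('=');
    return { type: r.slice(0, eq).trim().toUpperCase(), value: r.slice(eq + 1).trim() };
  });
}

// Keep only the DC= parts: the domain root, which is the search base for every user lookup.
function domainInfo(dn) {
  const dcs = parseDn(dn).filter(r => r.type === 'DC').map(r => r.value);
  if (!dcs.length) throw new Error('no DC components in ' + dn);
  return { baseDn: dcs.map(v => 'DC=' + v).join(','), domain: dcs.join('.') };
}

// Escape a value placed in an LDAP search filter (RFC 4515) so typed input cannot alter it.
function escapeFilter(s) {
  return s.replace(/[\\*()\0]/g, c => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

function buildUpn(account, dn) {
  return `${account}@${domainInfo(dn).domain}`;
}

// Simple bind as the UPN (use an ldaps:// URL so the password is not sent in clear), then
// resolve the object's DN. An empty password is rejected first: AD treats a simple bind
// with no password as an anonymous bind, which would "succeed" without proving anything.
function authenticate(url, dn, account, password) {
  const ldap = require('ldapjs'); // loaded lazily so the pure helpers above work without it
  if (!password) return Promise.reject(new Error('empty password: would be an unauthenticated bind'));
  const upn = buildUpn(account, dn);
  const { baseDn } = domainInfo(dn);
  const client = ldap.createClient({ url });
  const opts = { scope: 'sub', filter: `(userPrincipalName=${escapeFilter(upn)})`, attributes: ['distinguishedName'] };
  return new Promise((resolve, reject) => {
    client.bind(upn, password, err => {
      if (err) { client.unbind(); return reject(err); }
      client.search(baseDn, opts, (e, res) => {
        if (e) { client.unbind(); return reject(e); }
        let found = null;
        res.on('searchEntry', entry => { found = entry.objectName.toString(); });
        res.on('error', er => { client.unbind(); reject(er); });
        res.on('end', () => { client.unbind(); found ? resolve(found) : reject(new Error('bound, but no object found')); });
      });
    });
  });
}

module.exports = { parseDn, domainInfo, escapeFilter, buildUpn, authenticate };
```

Usage: `authenticate('ldaps://dc.example.test', 'CN=Users,DC=ABC1,DC=ABC2,DC=ABC3', 'jsmith', pw)` resolves to the user's DN, whichever OU it lives in.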