When an administrator right-clicks a container in the Active Directory Users and Computers Microsoft Management Console (MMC) Administration tool, the Find command allows searching for various types of objects and specifying conditions that must be met for the objects to be returned in the results. After performing the search, the results should be displayed in the bottom portion of the dialog box. By default, the Distinguished Name (DN), which is the hierarchical path to the object in the Active Directory, is not displayed.
The administrator can add a column to the view that displays the path to the object in the Active Directory identifying the parent container(s).
When Users, Contacts, and Groups Are Found
- On the View menu, click Choose Columns in the Find Users, Contacts, and Groups dialog box.
- In the Columns Available box, click X500 Distinguished Name, click Add, and then click OK.
Depending on how many levels deep the User, Contact, or Group is located, there may be multiple parent containers. Levels of hierarchy in the DN and separation of leaf objects from container objects are identified by commas. To identify the direct parent of the object found, locate the first comma. The most immediate parent container is to the right. The name of the container may be preceded with "OU=" in place of "CN=," identifying it as an Organizational Unit.
For example, if the user "administrator" is found, the X500 Distinguished Name may display the following information, indicating that the "Administrator" account resides in the "Users" container directly beneath the root of the domain:
However, if the user had been moved to an Organizational Unit used for the purpose of delegating permissions, this path might be:
Or, there may be several parent containers:
When Computers Are Found
The process to display the parent container for Computer objects found is very similar to the above steps, except for the attribute name to display and the format used.
- On the View menu, click Choose Columns in the Find Computers dialog box.
- In the Columns Available box, click Published At, click Add, and then click OK.
The path to the object displayed in the "Published At" column is presented in Canonical Name format. The path is read right to left, starting with the object found, separated by forward slashes.
For example, if the computer "Server1" was found, the "Published At" column may display the following information, indicating that the "Server1" computer account resides in the "Computers" container directly beneath the root of the domain:
Determining the parent container for other objects in the Active Directory is very similar to the process outlined above. When a column is added to the view, this setting is saved (per user) for the next time the snap-in is used.