Cisco Cisco ASA 5580 Adaptive Security Appliance Technisches Handbuch
In this example, the current group is named 'Employees.' Therefore, you can use the dsquery command in
order to determine the DN for that specific group:
order to determine the DN for that specific group:
This output is used in order to determine the LDAP structure for the Group search base.
In this case, the information 'DC=csc−lab,DC=ciscotac,DC=com' is an appropriate User search base for the
directory configuration.
directory configuration.
This image shows how the output of the dsquery commands can be mapped to the Directory User and Group
search base information:
search base information:
Determine the Distinguished Name of Other Objects in Active Directory − ADSI Edit
If you need to browse your Active Directory structure in order to look up distinguished names to use for your
User or Group search base, you can use a tool called ADSI Edit that is built into Active Directory Domain
Controllers. In order to open ADSI Edit, choose Start > Run on your Active Directory Domain Controller and
enter adsiedit.msc.
User or Group search base, you can use a tool called ADSI Edit that is built into Active Directory Domain
Controllers. In order to open ADSI Edit, choose Start > Run on your Active Directory Domain Controller and
enter adsiedit.msc.
Once you are in ADSI Edit, right−click any object (such as an organizational unit (OU), group, or user) and
choose Properties in order to view the distinguished name of that object. You can then easily copy and paste
the string to your CX configuration in PRSM in order to avoid any typographical errors. See this screenshot
for more specifics on this process:
choose Properties in order to view the distinguished name of that object. You can then easily copy and paste
the string to your CX configuration in PRSM in order to avoid any typographical errors. See this screenshot
for more specifics on this process: