What is a cn in active directory

A cn (common name) in Active Directory is an attribute used to uniquely identify objects stored in the directory, such as users, groups, and applications. The common name is composed of the Relative Distinguished Name property of an object and stored within the Distinguished Name property.

Usage of a cn Attribute in Active Directory #

The cn attribute is the primary attribute used to describe and identify users, groups, and computers. The cn attribute has a direct correlation to the user friendly name of an object.

Example #

For example, if a user ‘Mark’ has a common name of ‘mark.gilbert’, then the complete DN would be ‘CN=Mark Gilbert,OU=Users,DC=MyDomain,DC=com’. This can also be referred to as ‘mark.gilbert@mydomain.com’

Syntax #

The syntax of a cn identifier is a string value that contains a user name and a domain name separated by an at sign (@). The syntax should follow the standard for RFC 822 which states that the mail-address-specification should not exceed 104 characters.

Conclusion #

Using the cn attribute, Active Directory is able to uniquely identify objects within the directory. It provides a simpler and more efficient way to manage objects and continues to be a foundational element of the Windows directory service.