IBM Support

QRadar: How to find the User Base and Group Base DN information when using LDAP

How To


The purpose of this article is to help the administrator to find the User Base and Group Base DN information required to configure LDAP authentication in QRadar®.


These steps require collaboration from Active Directory administrators to get the distinguishedName (DN) attribute from an Active Directory object. 


To gather the User Base DN
By default, most of users are created in the default container "Users". However, users and groups may be organized into specific Organization Unit (OU). Administrator can use "Active Directory Users and Computers" (ADUC) to review the distinguishedName of the OU or container.
Administrator also can uses the dsquery utility (available on Domain Controller) to get the DN of the object
  1. Open a Windows® command prompt.
  2. Type the command:
    dsquery user -name <known username>
    Example: If you are searching for all users named "Test", you can enter the username as Test* to get a list of all users who's name is Test.

    The result looks like:
  3. The User Base DN is part of output excluding the User's container. In QRadar® LDAP module settings, when asked for a User Base DN, enter:

To gather Binding Login DN:

Similarly, using ADUC, administrator can review the distinguishedName attribute to get the DN for Binding account:
With dsquery:
dsquery user -name "QRadar Binding"

"CN=QRadar Binding,OU=ServiceAcc,DC=alpha,DC=ibm,DC=int"


To gather the Group Base DN

Using ADUC, administrator can get the distinguishedName attribute of the Container or OU where the groups are located:
With dsquery command, the Group Base DN is part of output excluding the group's container. In this example, it is "OU=QRadar,DC=alpha,DC=ibm,DC=int"
dsquery group -name SOC



Document Location


[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
10 April 2024