Is there a better way to access Active Directory Organizational Units than by name?

I'm having issues with our Domain Administrator changing the name of our domain org units without any warning. I have the AD path listed in my web.config. When he changes the names my reference in the code breaks. Is there another way to reference i.e. some sort of 'OU ID'?

<appSettings>
    <add key="adStructure" value="OU=Org Name 2,OU=Org Name 1,dc=test,dc=test2,dc=test3"/>
</appSettings>

I'm trying to get a list of all groups within OU Org Name 2.


Yes, you can take advantage of otherWellKnownObjects. http://msdn.microsoft.com/en-us/library/ms679095(v=vs.85).aspx. You will need to populate a GUID and initial path to each OU in there, and then in the future when the OU is moved or renamed, AD will keep track. You simply bind by GUID instead of DN.

This link explains how - http://msdn.microsoft.com/en-us/library/ms676295(v=vs.85).aspx.
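A sketch of the bind described in the answer above, applied to the question's goal of listing the groups in the OU. It is an added example, not code from the original answer. It assumes a GUID has already been registered for the OU in `otherWellKnownObjects` on a container object; the class, method and parameter names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text.RegularExpressions;

public static class RenameSafeOu   // hypothetical helper, not part of any library
{
    // wkGuidHex: the 32 hex digits exactly as stored in the container's
    // otherWellKnownObjects value (B:32:<hex>:<DN>). containerDn: the DN of
    // the object holding that attribute, e.g. "dc=test,dc=test2,dc=test3".
    public static string BuildWkGuidPath(string wkGuidHex, string containerDn)
    {
        // Reject anything that is not a bare GUID so a bad config value
        // cannot alter the bind string.
        if (wkGuidHex == null || !Regex.IsMatch(wkGuidHex, @"\A[0-9A-Fa-f]{32}\z"))
            throw new ArgumentException("Expected 32 hex digits.", "wkGuidHex");
        return "LDAP://<WKGUID=" + wkGuidHex + "," + containerDn + ">";
    }

    // Returns the cn of every group under the OU, whatever its current name.
    public static IList<string> GetGroupNames(string wkGuidHex, string containerDn)
    {
        var names = new List<string>();
        string currentDn;
        using (var byGuid = new DirectoryEntry(BuildWkGuidPath(wkGuidHex, containerDn)))
        {
            // Resolve the OU's current DN, then rebind with it: an entry
            // bound by GUID does not support every property and method.
            currentDn = (string)byGuid.Properties["distinguishedName"].Value;
        }
        using (var ou = new DirectoryEntry("LDAP://" + currentDn))
        using (var searcher = new DirectorySearcher(ou))
        {
            searcher.Filter = "(objectCategory=group)";
            searcher.SearchScope = SearchScope.Subtree; // include nested OUs
            searcher.PageSize = 500;                    // enable paged results
            searcher.PropertiesToLoad.Add("cn");
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                    names.Add((string)result.Properties["cn"][0]);
            }
        }
        return names;
    }
}
```

With this in place, web.config only needs the container DN and the GUID (two settings in place of `adStructure`), neither of which changes when the OU is renamed or moved.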


If the user accounts or other objects you are accessing have a unique property for accessing them, you could perform an LDAP/AD search query to get the list of objects you need - independent of the distinguished name (DN) and therefore independent of the OU they are located in.

For details on how to search in the AD, see here:

  • How to get AD User Groups for user in Asp.Net?
  • http://www.codeproject.com/KB/system/QueryADwithDotNet.aspx

If you are looking for user objects an alternative would be a group containing all user accounts related to your application - as the Active Directory automatically updates/generates the distinguished name of the members.
