|
Thanks for the responses guys. I wonder
if using GUID is an option. :/ marcus c. oh \\.\core technologies\cox communications, inc. \\.\mvp\windows server systems\management [v] 404.847.6117 [c] 404.391.7097 From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe LOL. Yeah this is my life lately. :oP I actually just submitted a couple of bugs
over legacyExchangeDN uniqueness possible issues with ADUC and a bug with one
of the major tool makers as well which has a similar issue. The issues are
unlikely but if you have enough mailboxes, the chances are you will hit issues
that are simply improbable. One customer of mine did in in fact hit a dupe from
something that is simply improbable. It is kind of silly because the value was
never tested for uniqueness, it was just assumed because it was an unusual
value. Mailbox enable a user in ADUC and set your
mailNickname (alias) to something with a $ in it or any of the following
chars - $^#\;/= -, you will notice that the legacyExchangeDN will
have a value of blahblah/cn=userxxxxxxxx. The xxxxxxxx is a random number, user
is the word user. ADUC never checks that value for uniqueness. There is another
case where this occurs as well and involved when it does do a ledn uniqueness
check and fails and generates a new ledn. joe From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Right, and although it's possible that
cdoexm has some of this built in, it's not likely (and not something I've seen
in there before, although I could have missed it). As for uniqueness, the only value that's
guaranteed to be unique in a forest is the GUID. If you're stepping
outside of the forest boundaries, there is nothing that is
"guaranteed" to be unique unless you made it that way via process and
code. SMTP address should be unique, but it's
not guaranteed that it will be when you try to sync, just that you'll know
because you'll have a non-functioning SMTP recipient if it is non-unique.
If you need to find something to use to sync with, you'll have to analyze all
of the directory data in your scope and either pick something or modify some of
the directories and processes to uniquely identify the wetware. Joe's up on all of this Exchange directory
stuff, he should be weighing in shortly I would imagine ;) From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] I haven’t read the blog yet –
I will – but uniqueness is enforced by ADUC (or any other provisioning
mechanism that has the intelligence built into it). You can certainly shove
colliding values into this attribute by other means. Deji From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] I was going through the You Had Me At Ehlo blog
and ran across the most recent post which describes in some detail about how
uniqueness is maintained in the proxyAddresses attribute. I’m
curious though… does this only apply for changes made through ADUC or
does it apply to changes made through any mechanism (e.g. scripts, ldp, etc)? Here’s the link: http://blogs.msdn.com/exchange/archive/2005/01/10/350132.aspx. Some background… in all this madness to
bring single-sign-on to fruition, we’re running into problems finding a
unique value that can be used to tie AD to other directories when extracting
information from a forest. We
were keying off samAccountName but found too many identical names from domain to domain. \\.\core technologies\cox
communications, inc. \\.\mvp\windows server
systems\management [v]
404.847.6117 [c] 404.391.7097 |
Title: LDAP and related Exchange question
- RE: [ActiveDir] LDAP and related Exchange question Marcus.Oh
- RE: [ActiveDir] LDAP and related Exchange question Mulnick, Al
- RE: [ActiveDir] LDAP and related Exchange question Gil Kirkpatrick
- RE: [ActiveDir] LDAP and related Exchange question Mulnick, Al
- RE: [ActiveDir] LDAP and related Exchange question Mulnick, Al
- RE: [ActiveDir] LDAP and related Exchange question Renouf, Phil
- RE: [ActiveDir] LDAP and related Exchange question Creamer, Mark
- RE: [ActiveDir] LDAP and related Exchange question Mulnick, Al
- RE: [ActiveDir] LDAP and related Exchange question Free, Bob
