Let me start with I am confused by what you are doing. But let me mention thoughts based on what you have written...
The userPrincipalName uniqueness is based on the ENTIRE UPN, not just the first component. Unless you are POSITIVE that the UPNs will be unique up to the realm then you may want to find something else for your key. In ADAM you can use single name without realm UPNs and ADAM will enforce that uniqueness for you. But that is ADAM, not AD. If you want to look up the real DNs, you can obviously do so with the full UPN. Just do a GC query of [EMAIL PROTECTED] joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B Allen Sent: Thursday, October 12, 2006 6:05 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Attribute for Name Component of userPrincipalName? Does anyone know of an object class that defines an attribute like userPrincipalName but just the name component and not the realm? For example, if an object had a userPrincipalName of '[EMAIL PROTECTED]' the desired attribute would be guaranteed to be 'Managers'. I'm caching group objectSids in a temporary in-memory DIT. The entries need unique DNs but I don't know the real DNs. All I have is the userPrincipalName so I was thinking I could just derive a DN from the userPrincipalName like: [EMAIL PROTECTED] -> FOO=Managers,DC=example,DC=com Right now it doesn't really matter if this is truely conformant or not, I'm just thinking about forward compatibility. Thanks, Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
