Apparently the app is hard-coded to only look up CNs of Firstname Lastname. Must have the space, no commas, and no deviation allowed. Oh well, if the department that wants this goes ahead with it, they are going to spend a ton of time manually tagging AD accounts to accounts in this app. 7000 user changes per year is going to keep them busy.

-----Original Message-----
From: Steve Kradel [mailto:[email protected]]
Sent: Friday, February 03, 2012 3:19 PM
To: NT System Admin Issues
Subject: Re: CN format question

I would hazard to guess 50% of Active Directory deployments use "CN=Last\, First" RDN format. It is quite normal, and an application has no business trying to parse meaningful stuff out of the RDN anyway... that is why the discrete "sn" and "givenName" fields are there. Certainly if an application cannot tolerate an escaped comma in the DN at all, that's an application bug, not a problem with the directory data.

IMHO, "CN=logonid" is a better way--this is how most non-AD directories roll--but I guess since ADUC slops the name fields into CN / RDN, that approach persists in AD generally.

--Steve

On Fri, Feb 3, 2012 at 2:16 PM, Kennedy, Jim <[email protected]> wrote:
> Thanks Bonnie, that was my feeling also. I too feel it is an app
> issue, but wanted to get some opinions since I am fuzzy on this. The
> issue isn't the \, they are choking on my lastname then firstname.
> They are looking for FirstName first. I would be shocked that they
> cannot accommodate my way.
> Can't imagine my way is 'wrong'. It was just a choice someone made
> here before my time.
>
> From: Miller Bonnie L. [mailto:[email protected]]
> Sent: Friday, February 03, 2012 2:01 PM
> To: NT System Admin Issues
> Subject: RE: CN format question
>
> The part you've shown us looks normal to me for Microsoft AD. The \
> is there to escape the comma that follows. Maybe their app can't deal
> with that?
>
> http://www.informit.com/articles/article.aspx?p=101405&seqNum=7
>
> From: Kennedy, Jim [mailto:[email protected]]
> Sent: Friday, February 03, 2012 10:09 AM
> To: NT System Admin Issues
> Subject: CN format question
>
> Having an issue with a vendor with some LDAP lookups. I certainly saw
> this years ago, but never looked into it. Our CNs are backwards from
> how most people do it, I think. Is there anything wrong with it being
> this way? Why is that \ there?
>
> CN=Kennedy\, Jim,OU=(Redacted list of OU/DC's)
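
Added example, not part of the thread or any poster's code: a short Python sketch of the point discussed above, splitting a DN on unescaped commas only and taking the person's name from "givenName" and "sn" rather than from the CN. The OU/DC components, the attribute values and all function names are assumptions made for illustration; multi-valued RDNs ("+") are out of scope.

```python
import re

# Constructed sample: the OU/DC parts and attribute values are placeholders.
SAMPLE_DN = r"CN=Kennedy\, Jim,OU=Staff,DC=example,DC=com"
SAMPLE_ATTRS = {"givenName": "Jim", "sn": "Kennedy"}

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def _escape_width(text, i):
    """Length of the escape sequence that starts at text[i] == '\\'."""
    return 3 if _HEX_PAIR.fullmatch(text[i + 1:i + 3]) else 2


def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only."""
    rdns, start, i = [], 0, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += _escape_width(dn, i)  # skip "\," or a hex pair such as "\2C"
        elif dn[i] == ",":
            rdns.append(dn[start:i])
            start = i = i + 1
        else:
            i += 1
    rdns.append(dn[start:])
    return rdns


def rdn_value(rdn):
    """Return the unescaped value of a single-valued RDN."""
    value = rdn.partition("=")[2]
    out, i = bytearray(), 0
    while i < len(value):
        width = _escape_width(value, i) if value[i] == "\\" else 1
        if width == 3:
            out.append(int(value[i + 1:i + 3], 16))  # hex pair is one UTF-8 byte
        else:
            out += value[i + width - 1:i + width].encode()  # literal or escaped char
        i += width
    return out.decode("utf-8")


def display_name(attrs):
    """'Firstname Lastname' from the discrete attributes, not from the CN."""
    return f"{attrs['givenName']} {attrs['sn']}"


if __name__ == "__main__":
    print(SAMPLE_DN.split(","))               # naive split cuts the CN in two
    print(split_dn(SAMPLE_DN))                # escape-aware split keeps it whole
    print(rdn_value(split_dn(SAMPLE_DN)[0]))  # literal CN value
    print(display_name(SAMPLE_ATTRS))         # name from givenName + sn
```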
