Beranda > Artikel > Names for Objects in Active Directory

Names for Objects in Active Directory

One of the biggest confusions with Active Directory is the many “names” that can be used to refer to or describe an object. Most of these “names” are attributes (or properties) of the object. There is even a property method called “Name”. A Property Method is actually a method (a function) that calculates a value from other properties.

Note that the terms “attribute” and “property” are interchangeable. The name of a property or attribute is like the name of a variable. The actual value of the property can be assigned by the network administrator, or sometimes by the system.

Some of the confusion arises because the same attribute can have a different name depending on the provider used. Even worse is that sometimes the same attribute name can refer to a different attribute, depending on the provider. The following table attempts to clarify the situation.

Active Directory Attribute WinNT property LDAP property
SAM-Account-Name name sAMAccountName
Common-Name n/a cn
RDN n/a Name
Display-Name fullName displayName
Surname n/a sn
Given-Name n/a givenName
Initials n/a initials
Moniker n/a moniker
Personal-Title n/a personalTitle
Generation-Qualifier n/a generationQualifier
User-Principal-Name n/a userPrincipalName
Obj-Dist-Name n/a distinguishedName
n/a AdsPath n/a
n/a n/a AdsPath

The “Name” property of the WinNT provider is sometimes called the “NT Name”, because it is the name used in NT networks. The WinNT “Name” property of a user object is the pre-Windows 2000 logon name. The LDAP provider calls this attribute “sAMAccountName”. The value can be the same as the value assigned to the LDAP “cn” attribute, but it does not have to be. This can be a major source of confusion. You cannot retrieve the “cn” attribute with the WinNT provider.

The “Name” property method of the LDAP provider is the same as the “cn” property, but with the string “cn=” appended in front. For example, if cn = “TestUser”, then Name = “cn=TestUser”. The “Name” property method returns the Relative Distinguished Name (RDN) of the object.

The same attribute called “FullName” using the WinNT provider is called “displayName” using LDAP. Many of the other attributes used to identify users are only exposed by the LDAP provider.

Both providers expose an “AdsPath” attribute, but this is actually a “Property Method”. It is the binding string used to bind to the object with the provider. The LDAP provider also exposes a “distinguishedName” attribute. It is the same as “AdsPath”, but without the provider moniker (“LDAP://”) in the string. The “distinguishedName” property of an object might be something like “cn=TestUser,ou=Sales,dc=MyDomain,dc=com”. It uniquely specifies the object in Active Directory. It includes the Relative Distinguished Name of the object, plus the full path to the container holding the object in Active Directory.

The “userPrincipalName” is an alternative name for the user to logon with. It is in the form “LogonName@DNSDomain”. For example, it could be “Joe User@MyDomain.MyCompany.com”. This attribute is not always assigned a value in Active Directory.

The only attributes in the table above that are mandatory are “SAM-Account-Name” and “Common-Name”. If a user object is created with the LDAP provider, values must be specified for both “cn” and “sAMAccountName”. If a user object is created with the WinNT provider, only the “Name” attribute is specified (“SAM-Account-Name”), but “Common Name” is automatically assigned to the same value. If a user object is created in the “Active Directory Users and Computers” MMC, the names default as follows. You specify the “First Name”, “Initials”, and “Last Name” of the user (the “givenName”, “initials”, and “sn” attributes). The field labeled “Full Name” defaults to be <givenName> <initials>. <sn>. This string is assigned to the “cn” attribute (Common Name). You are allowed to overwrite the default. The fact that the cn attribute is referred to as “Full Name” is another source of confusion. In the “New Object – user” dialog you are also required to specify a “User logon name”. This, in combination with the DNS domain name, becomes the “userPrincipalName”. Finally, as you key in “User logon name”, the field “pre-Windows 2000 logon name” is filled in for you with the first 20 characters of “User logon name”. This becomes the “sAMAccountName” attribute.

The full NT name of an Active Directory object is in the form “NetBIOSDomain\sAMAccountName”. An example could be:

MyDomain\TestUser

The full LDAP name of the same object could be specified by:

cn=Test1,ou=Sales,ou=East,dc=Domain1,dc=com

As you can see, the “sAMAccountName” attribute does not have to be the same as the “cn” attribute. In addition, the DNS domain name (Domain1.com above) does not have to match the NetBIOS domain name (MyDomain above). This can make “finding” objects in Active Directory difficult. Fortunately, the NameTranslate object is generally available to convert names between these two forms.

It should be noted that the sAMAccountName attribute of any object must be unique in the domain. The userPrincipalName must be unique in the forest. However, the cn attribute (common name) must only be unique in the container or organizational unit. There can be several objects with the same cn, as long as they are in different containers. Note, however, that the distinguishedName will always be unique in the forest.

A final concept to discuss is the relative distinguished name, abbreviated RDN. For a user object, this is the common name (cn) attribute. The Name property method returns the RDN. The RDN of any object is the first part of the distinguishedName, abbreviated DN, of the object. For example, if the DN of a computer object is:

cn=Minnesota,cn=computers,dc=MyDomain,dc=com

Then, the RDN is “cn=Minnesota”.

A few naming abbreviations:

cn Common Name
ou Organizational Unit
dc Domain Component
dn Distinguished Name
RDN Relative Distinguished Name
UPN User Principal Name

Source: http://www.rlmueller.net/Name_Attributes.htm

Iklan
Kategori:Artikel
  1. Juni 12, 2012 pukul 7:16 pm

    You ought to be a part of a contest for one of the greatest websites on the
    net. I will recommend this blog!

  2. Juli 30, 2012 pukul 10:23 am

    Everything is very open with a clear description of
    the challenges. It was definitely informative. Your website is useful.
    Many thanks for sharing!

  3. Agustus 31, 2012 pukul 1:54 pm

    Hello, i think that i saw you visited my site so i came to “return
    the favor”.I’m trying to find things to improve my site!I suppose its ok to use some of your ideas!!

  4. September 1, 2012 pukul 9:48 am

    Asking questions are in fact good thing if you are not understanding something entirely,
    except this paragraph gives pleasant understanding even.

  5. September 12, 2012 pukul 4:10 pm

    You have provided a great site.

  6. Oktober 4, 2012 pukul 10:13 am

    Nice post. I learn something new and challenging on
    sites I stumbleupon everyday. It’s always exciting to read articles from other authors and practice a little something from their sites.

  7. November 4, 2012 pukul 7:52 am

    After exploring a few of the articles on your web
    site, I honestly like your way of blogging. I saved it to my bookmark
    webpage list and will be checking back soon. Please check out my web site too and tell me how you
    feel.

  8. November 21, 2012 pukul 10:24 pm

    Hello mates, how is the whole thing, and what you would like
    to say about this article, in my view its truly awesome for me.

  9. November 21, 2012 pukul 11:02 pm

    I’m no longer certain the place you’re getting your info, but good topic.
    I must spend some time finding out more or figuring out more.

    Thanks for excellent information I was on the lookout for this info for my mission.

  10. Februari 13, 2013 pukul 8:09 pm

    You really constructed many terrific ideas
    within your posting, “Names for Objects in Active Directory Errorguide’s Blog”. I will become heading back to your blog shortly. Many thanks -Thanh

  11. April 3, 2013 pukul 9:58 pm

    Greetings! Very useful advice within this article!
    It’s the little changes which will make the most important changes. Many thanks for sharing!

  12. April 5, 2013 pukul 6:56 am

    I all the time used to study article in news papers
    but now as I am a user of internet therefore from now
    I am using net for posts, thanks to web.

  13. April 17, 2013 pukul 1:39 pm

    I know this website provides quality based posts and other
    data, is there any other site which offers these kinds of information in quality?

  14. April 18, 2013 pukul 9:33 pm

    Along with every thing which appears to be building throughout this particular subject material,
    all your points of view are actually very radical. Even so, I
    appologize, but I can not subscribe to your whole idea, all be it stimulating none the less.
    It seems to everyone that your comments are not completely justified and in reality you are
    your self not even completely confident of the assertion.

    In any case I did appreciate examining it.

  15. April 28, 2013 pukul 10:22 pm

    I was recommended this website by way of my cousin.
    I am now not certain whether this put up is written by means of him as no one else realize such
    special about my difficulty. You are wonderful! Thanks!

  16. Mei 23, 2013 pukul 4:10 am

    If you choose Screen Clipping, the total monitor will be protected in white and a crosshair will show up indicating you can attract a box all over the spot you want to seize.
    Smoochum and Magby run by means of a hole in a fence and Wooper jumps off some tires and they all bounce on the see
    noticed.

  17. Mei 31, 2013 pukul 12:19 pm

    When someone writes an paragraph he/she retains the plan of a user
    in his/her mind that how a user can understand it. So that’s why this article is great. Thanks!

  18. Juni 12, 2013 pukul 9:20 pm

    I simply could not depart your web site before suggesting
    that I actually loved the standard information an individual provide on your visitors?
    Is gonna be back steadily to check out new posts

  19. Juli 3, 2013 pukul 10:43 pm

    We are a group of volunteers and starting a brand new scheme in our community.
    Your website offered us with valuable information to work on.
    You’ve done an impressive activity and our entire community can be thankful to you.

  20. Juli 19, 2013 pukul 11:54 pm

    When someone writes an paragraph he/she keeps the image of
    a user in his/her brain that how a user can understand it. Thus that’s why this paragraph is amazing. Thanks!

  21. Juli 29, 2013 pukul 5:10 pm

    Nice post. I was checking constantly this blog and I am impressed!
    Very helpful information specifically the last part
    🙂 I care for such info a lot. I was looking for this certain info for a long time.
    Thank you and good luck.

  22. Agustus 1, 2013 pukul 12:22 pm

    I loved as much as you will receive carried out right here.
    The sketch is attractive, your authored subject matter stylish.
    nonetheless, you command get bought an edginess
    over that you wish be delivering the following. unwell unquestionably come further formerly again since exactly the same nearly
    a lot often inside case you shield this hike.

  23. September 25, 2013 pukul 5:39 pm

    Nice post. I learn something totally new and challenging
    on websites I stumbleupon everyday. It will always be interesting to read
    content from other authors and practice something from other websites.

  24. Desember 15, 2013 pukul 1:28 pm

    Hello this is kind of of off topic but I was wondering if blogs use WYSIWYG editors or if you
    have to manually code with HTML. I’m starting a blog soon but have no coding experience so I wanted to get advice from someone with
    experience. Any help would be greatly appreciated!

  25. Januari 9, 2014 pukul 6:52 pm

    I’m truly enjoying the design and layout of your blog.
    It’s a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often.
    Did you hire out a designer to create your theme?
    Excellent work!

  26. Juni 19, 2014 pukul 3:54 pm

    Hi there, i read your blog from time to time and i own a similar one and i was just curious if you get a lot of spam remarks?
    If so how do you protect against it, any plugin or anything you can recommend?

    I get so much lately it’s driving me mad so any support is very much appreciated.

  27. Juli 11, 2014 pukul 9:02 am

    For latest news you have to pay a visit world-wide-web and on world-wide-web I found this web site
    as a finest website for most recennt updates.

  28. Peassarsmuro
    Mei 19, 2017 pukul 1:08 am

    Не ходите для свидания. А также не целуйтесь и не обнимайтесь без необходимости. У вас и так есть мощный возбуждение захотеть весь усложнить. Не полагается этому еще и помогать. Не ищи поводов встретиться alias напомнить о себе. Не полагается этих сообщений с вопросами о том, подобно прошел день. Не лезь в его общежитие, не расспрашивай про его проблемы, не пытайся его заинтересовать своим глубоким внутренним миром. Это простой секс. И чтобы всех довольно лучше, если ваши контакты будут сугубо функциональными. Не ревнуй. Котлеты отдельно, мухи поверстно: это не отношения, это секс по дружбе. Ты не имеешь никаких прав для этого мужчину, он тебе нисколько не обещал и нисколько не должен. Если ты не можешь контролировать это чувство, стоит остановиться. Будь открыта ради новых отношений. Пожирать такая дурачество, сколько временное – это самое постоянное. Не должен беспричинно! Не думай, сколько коли тебе лупить с кем почивать, то можно расслабиться и перестать искать настоящей близости со всеми вытекающими. То, что тебе нужен всего секс и не нужны никакие дополнительные сложности – иллюзия и самообман. Держи в голове, что друг чтобы секса – это временные меры, и не превращай их в ровный статус. Не спеши отступаться через секса по дружбе, ежели встретила другого мужчину. Ты отродясь не знаешь, как совершенно обернется. А вот то, сколько мы, девочки, склонны придумывать, додумывать и сооружать долгосрочные планы для будущее для пустом месте – это факт. Не думай, что ты должна иметься верной, если тебя относительный этом паки не попросили. http://talschool1.ru/comment.php?comment.news.35 Используйте закон принудительной эффективности, какой говорит о часть, что на безвыездно времени отроду не хватает, но его всегда достаточно для самого важного. Поэтому важно удосуживаться и заставить себя исполнять в первую очередь то, сколько принесет наибольшую выгоду и результат.

  29. Desember 14, 2017 pukul 9:01 am

    I visit day-to-day some blogs and sites to read articles,
    however this weblog provides quality based writing.

  1. No trackbacks yet.

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout /  Ubah )

Foto Google+

You are commenting using your Google+ account. Logout /  Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout /  Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout /  Ubah )

w

Connecting to %s

%d blogger menyukai ini: