Hmm... got a blank message again. Hopefully this is not a repeat then.
Bind DN: The dn of the account to bind to the AD so you can search for users.
User Search: if you try to search by assuming (shame on them for not explaining it better) that your display name and your cn would be close to matching, then shame on HP for such small thinking. That is the default if you use the active directory users and computers tools. However, anyone who has a more mature process and doesn't like unnatural contortionist moves to be able to find things in directories will tell you, you'll have your cn equal to something that's unique and doesn't have any escape characters. If you use the display name, you'll have escape characters so that makes that tough.
If, and this is a big IF, you have your mailbox alias, samaccountname (NT logon id), and your cn match, then your search might be a heck of a lot easier. If those are not lined up, then please see the part about the big IF for a better explanation.
It's applications like these that have driven me to conclude that those field should match and should be a globally unique id. Having them be domain specific, won't be enough, and forest specific won't be enough either if you ever decide to follow Microsoft's latest idea about multiple forests on a corporate network. ;) That's because when the identities collide, there will be issues. And that would be a bad thing to try and work out because users hate it when you mess with their identity. Ugly things happen in that situation more often than not and it's a shame because they can be avoided so easily IMHO.
Al
On 8/14/06, Matheesha Weerasinghe <[EMAIL PROTECTED]> wrote:
