Most customers I work with do CN=<samAccountName> or CN=<badge number>. CN=First Last or CN=Last, First are great for manual management with ADUC but beyond that they're obnoxious. Vendors assuming this is the only way data should be formatted, much less assuming that they can split on the first space to get the two tokens, need to rethink things.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c - 312.731.3132

-----Original Message-----
From: Steve Kradel [mailto:skra...@zetetic.net]
Sent: Friday, February 03, 2012 2:19 PM
To: NT System Admin Issues
Subject: Re: CN format question

I would hazard to guess 50% of Active Directory deployments use "CN=Last\, First" RDN format. It is quite normal, and an application has no business trying to parse meaningful stuff out of the RDN anyway... that is why the discrete "sn" and "givenName" fields are there. Certainly if an application cannot tolerate an escaped comma in the DN at all, that's an application bug, not a problem with the directory data.

IMHO, "CN=logonid" is a better way--this is how most non-AD directories roll--but I guess since ADUC slops the name fields into CN / RDN, that approach persists in AD generally.

--Steve

On Fri, Feb 3, 2012 at 2:16 PM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote:
> Thanks Bonnie, that was my feeling also. I too feel it is an app
> issue, but wanted to get some opinions since I am fuzzy on this. The
> issue isn't the \, they are choking on my lastname then firstname.
> They are looking for FirstName first. I would be shocked that they cannot
> accommodate my way.
> Can't imagine my way is 'wrong'. It was just a choice someone made
> here before my time.
>
> From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
> Sent: Friday, February 03, 2012 2:01 PM
> To: NT System Admin Issues
> Subject: RE: CN format question
>
> The part you've shown us looks normal to me for Microsoft AD. The \
> is there to escape the comma that follows. Maybe their app can't deal
> with that?
>
> http://www.informit.com/articles/article.aspx?p=101405&seqNum=7
>
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> Sent: Friday, February 03, 2012 10:09 AM
> To: NT System Admin Issues
> Subject: CN format question
>
> Having an issue with a vendor with some LDAP lookups. I certainly saw
> this years ago, but never looked into it. Our CN's are backwards from
> how most people do it I think. Is there anything wrong with it being
> this way? Why is that \ there?
>
> CN=Kennedy\, Jim,OU=(Redacted list of OU/DC's)
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
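
The escaped comma discussed in this thread, as an added example that is not part of any of the messages above: a DN splitter that honours RFC 4514 backslash escapes, next to the discrete name attributes an application should read instead of parsing the CN. The DN, its OU/DC components and the entry dictionary are constructed placeholders, and the function names are hypothetical; multi-valued RDNs ("+") and the older quoted-string form are not handled.

```python
import re

# Constructed sample data; the OU/DC values are placeholders, not from the thread.
SAMPLE_DN = r"CN=Kennedy\, Jim,OU=Staff,DC=example,DC=org"
SAMPLE_ENTRY = {"dn": SAMPLE_DN, "sn": "Kennedy", "givenName": "Jim"}

# A backslash followed by two hex digits (one byte) or by any single character.
_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})|\\(.)", re.S)

def split_unescaped(text, sep):
    """Split on sep, but never on a sep that is preceded by a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair intact for later decoding
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Decode RFC 4514 escapes: \\XX is one byte of UTF-8, \\c is the literal c."""
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(value):
        out += value[pos:m.start()].encode("utf-8")
        out += bytes.fromhex(m.group(1)) if m.group(1) else m.group(2).encode("utf-8")
        pos = m.end()
    out += value[pos:].encode("utf-8")
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(attribute_type, decoded_value), ...], leftmost RDN first."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, _, raw = rdn.partition("=")   # the first "=" always ends the type
        rdns.append((attr.strip().upper(), unescape(raw)))
    return rdns

def display_name(entry):
    """Build a name from givenName and sn; the CN format is never consulted."""
    return f"{entry['givenName']} {entry['sn']}"

if __name__ == "__main__":
    print("naive split:", SAMPLE_DN.split(","))   # breaks the CN at the escaped comma
    print("parsed     :", parse_dn(SAMPLE_DN))
    print("name       :", display_name(SAMPLE_ENTRY))
```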