AD DN when FIM provisioning

  • Question

  • Hi,

    When people use Active Directory Users & Computers, the CN part of a user's DN contains the Common Name, typically 'firstname lastname', for example: cn=john smith, ou=marketing,dc=reskit,dc=com

    If all users are in a single OU, this will work if there is only 1 john smith.

    When using FIM to provision users to a single OU, we are thinking of using the 'samaccountname' in the DN to ensure uniqueness as follows: cn=jsmith, ou=marketing,dc=reskit,dc=com

    My question is: for the existing AD users, can we just go ahead and change their existing CN='firstname lastname' to CN='samaccountName'? We'd like to have the DN naming convention the same for all users.

    Thanks,

    SK

    Wednesday, December 17, 2014 2:29 AM

All replies

  • I don't see a problem with that (as long as it doesn't break your FIM logic).

    The data above this text is pseudorandom, brace yourselves.

    Wednesday, December 17, 2014 9:12 AM
  • Hello,

    No problem, you have to join the existing object with the MV object (based on samaccountname, for example), and have a permanent flow in your SR to set the DN.

    NOTE: You have to change the DN, not the CN. CN will be updated automatically by AD.

    /antho

    Wednesday, December 17, 2014 9:19 AM
  • There should be no problem in changing this using SR flows. Just make sure that no other programs expect a certain format for the CN / DN. Other than that, you should be good - as stated in the other answers.

    To get past this problem, I usually construct the CN like CN=FirstName Lastname (sAMAccountName)

    Then you shouldn't have any clashes...


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt


    Thursday, December 18, 2014 11:56 AM
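
A pre-flight check for the three CN conventions discussed in this thread, as an added example that is not part of any poster's reply: it builds each candidate DN with RFC 4514 escaping and reports which convention would produce duplicate DNs in one OU. The user records, the function names and the scheme labels are constructed for illustration, and the comparison assumes AD's case-insensitive DN matching.

```python
from collections import defaultdict

SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires escaping in a value

def escape_rdn_value(value):
    """Escape an attribute value for use in a DN (RFC 4514 string form)."""
    out = []
    for i, ch in enumerate(value):
        if ch in SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

# The three CN conventions from the thread (labels are hypothetical).
SCHEMES = {
    "display": lambda u: f"{u['first']} {u['last']}",
    "sam": lambda u: u["sam"],
    "display_sam": lambda u: f"{u['first']} {u['last']} ({u['sam']})",
}

def build_dn(user, scheme, container):
    return f"CN={escape_rdn_value(SCHEMES[scheme](user))},{container}"

def find_collisions(users, scheme, container):
    """Return {lowercased DN: [sAMAccountNames]} for DNs claimed by >1 user."""
    seen = defaultdict(list)
    for u in users:
        # Fold case before comparing: two DNs differing only in case collide.
        seen[build_dn(u, scheme, container).lower()].append(u["sam"])
    return {dn: sams for dn, sams in seen.items() if len(sams) > 1}

# Constructed sample data, not taken from the thread.
CONTAINER = "OU=marketing,DC=reskit,DC=com"
USERS = [
    {"first": "John", "last": "Smith", "sam": "jsmith"},
    {"first": "john", "last": "smith", "sam": "jsmith2"},
    {"first": "Ann", "last": "Lee, Jr.", "sam": "alee"},
]

if __name__ == "__main__":
    for scheme in SCHEMES:
        print(scheme, find_collisions(USERS, scheme, CONTAINER) or "no collisions")
    print(build_dn(USERS[2], "display_sam", CONTAINER))
```

The parentheses in the `display_sam` form need no escaping in a DN, but the comma in a name such as "Lee, Jr." does, which is why the value is escaped before the DN is assembled.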