Update the DistinguishedName using Powershell

  • Question

  • Hi 

    I am trying to update the DistinguishedName, but it's not happening. Can anyone help me update the DistinguishedName?

    Set-ADuser "usename" -DistinguishedName  "......................................."

    Thursday, October 11, 2018 4:26 PM

All replies

  • You cannot change the "DistinguishedName".  It is generated by AD.  You can only rename the object using "Rename-AdObject".

    help Rename-AdObject -full


    \_(ツ)_/

    • Proposed as answer by Richard MuellerMVP Thursday, October 11, 2018 6:10 PM
    • Marked as answer by jrv Thursday, November 8, 2018 2:38 PM
    Thursday, October 11, 2018 5:25 PM
  • Or, you can move the object, using Move-ADObject. Both will modify the distinguishedName.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, October 11, 2018 6:13 PM
  • Actually, we have a backslash (\) in the DistinguishedName... but when I check in Name and DisplayName, there is no backslash (\).

    Thursday, October 11, 2018 6:45 PM
  • "DisplayName" has nothing to do with "DistinguishedName".  No matter what the DN is, it cannot be changed.  You can only rename or move the object.


    \_(ツ)_/

    Thursday, October 11, 2018 6:47 PM
  • In distinguishedName (DN) values some characters must be escaped. The escape character is the backslash, "\". Most likely one of the DN components, probably the Name of the user, has an embedded comma, which must be escaped in the DN. But commas are not escaped in the Name, the value of the cn attribute. An example of a distinguishedName could be:

    cn=Smith\, Jim,ou=Sales,ou=West,dc=Domain,dc=com

    But in this case, cn (Name) would be "Smith, Jim". Documentation of all characters that must be escaped is here:

    https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, October 11, 2018 8:07 PM
  • Thanks JRV

    But because of this, the application is having issues authenticating with LDAP.

    Friday, October 12, 2018 3:36 PM
  • There should be no problem authenticating with a DN that has characters escaped. However, there could be a problem if the DN includes the forward slash character, "/", in any component of the DN. The solution then is to escape the forward slash in the code that authenticates, replacing "/" with "\/". If that isn't possible, then the DN component (such as the Name) must be renamed to eliminate the forward slash.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, October 12, 2018 3:44 PM
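
An added example, not part of any post in this thread: it shows why the Name "Smith, Jim" appears with a backslash in the distinguishedName, the forward-slash replacement described in the reply above, and a `-WhatIf` preview of the rename and move that actually change a DN. The function names, the sample Names and the parameters passed to `Show-DnChange` are assumptions made for illustration.

```powershell
# Added example; the function names are hypothetical and not part of any module.

# Escape a Name (cn) value for use as a DN component: a backslash goes before
# , \ + " < > ; = anywhere, before # or a space at the start, and before a
# trailing space. ('=' is included as an assumption; escaping it is valid.)
function ConvertTo-EscapedDnValue {
    param([Parameter(Mandatory)][string]$Name)
    $Name -replace '^[# ]| \z|[,\\+"<>;=]', '\$0'
}

# Build the DN the directory would report for a Name under a parent container.
function Get-ExpectedDn {
    param([Parameter(Mandatory)][string]$Name,
          [Parameter(Mandatory)][string]$ParentDn)
    'cn={0},{1}' -f (ConvertTo-EscapedDnValue $Name), $ParentDn
}

# Replace "/" with "\/" for code that authenticates with the DN.
function ConvertTo-SlashEscapedDn {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $DistinguishedName -replace '/', '\/'
}

# The DN changes only when the object is renamed or moved. Requires the
# ActiveDirectory module and a domain; -WhatIf previews without changing anything.
function Show-DnChange {
    param([string]$SamAccountName, [string]$NewName, [string]$TargetOu)
    $user = Get-ADUser -Identity $SamAccountName
    Rename-ADObject -Identity $user.DistinguishedName -NewName $NewName -WhatIf
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $TargetOu -WhatIf
}

# Constructed sample values, based on the DN quoted in the thread.
$parent = 'ou=Sales,ou=West,dc=Domain,dc=com'
Get-ExpectedDn -Name 'Smith, Jim' -ParentDn $parent
$withSlash = Get-ExpectedDn -Name 'Sales/West Support' -ParentDn $parent
ConvertTo-SlashEscapedDn -DistinguishedName $withSlash
```

The first three functions are plain string handling and run without a domain; `Show-DnChange` is defined but not called here.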
  • Hi,

    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    Best Regards,

    Lee


    Just do it.

    • Marked as answer by Mr. Raj Thursday, November 8, 2018 2:22 PM
    • Unmarked as answer by jrv Thursday, November 8, 2018 2:38 PM
    Monday, November 5, 2018 9:58 AM