two equal signs in anr not working

  • Question

  • I have added the following 2 entities to my Domain:

    PS C:\Users\Administrator.LH269> Get-ADUser -LDAPFilter '(anr==leon)'
    DistinguishedName : CN=Leon1,CN=Users,DC=LH269,DC=com
    Enabled           : True
    GivenName         : Jennifer
    Name              : Leon1
    ObjectClass       : user
    ObjectGUID        : 942dd033-6414-471b-b142-77ac954c3d07
    SamAccountName    : leon-s
    SID               : S-1-5-21-2040647692-1963463148-3417863429-1151
    Surname           : Leon
    UserPrincipalName : Leon1@LH269.com
    
    DistinguishedName : CN=Leon\, Jennifer,CN=Users,DC=LH269,DC=com
    Enabled           : True
    GivenName         : Jennifer
    Name              : Leon, Jennifer
    ObjectClass       : user
    ObjectGUID        : ff0aae88-83ad-4118-a76f-fdd90242ead5
    SamAccountName    : leon
    SID               : S-1-5-21-2040647692-1963463148-3417863429-1145
    Surname           : Leon-Jarama
    UserPrincipalName : Leon@LH269.com
    

    When I execute the following query:

    Get-ADUser -LDAPFilter '(anr==leon)'
    

    I would expect to get only 1 response: CN=Leon\, Jennifer,CN=Users,DC=LH269,DC=com

    Why do I get 2 results? In the ANR documentation it clearly says, when using anr==XXX:

    You can force ANR to require an exact match on any of the attributes in the table by starting the value with the equal sign, "=" (so the filter has two equal signs)
    


    • Edited by ilan.sch Wednesday, May 23, 2018 11:57 AM
    Wednesday, May 23, 2018 10:01 AM

All replies

  • I recommend that you post this in the Active Directory Services Forum: http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, May 23, 2018 11:50 PM
  • Hi,

    ANR means Ambiguous Name Resolution, and it will return objects where the string "xxxx" appears at the start of any of the naming attributes listed in the table below.
    Windows Server 2000 AD LDS 2003 (and R2) 2008/2012 (and R2)
    Schema Version 13 All 30, 31 44, 47, 56, 69
    displayName X X X X
    givenName (First Name) X X X
    legacyExchangeDN X X X
    msDS-AdditionalSamAccountName X X
    msDS-PhoneticCompanyName X
    msDS-PhoneticDepartment X
    msDS-PhoneticDisplayName X
    msDS-PhoneticFirstName X
    msDS-PhoneticLastName X
    Name (RDN) X X X X
    physicalDeliveryOfficeName X X X X
    proxyAddresses X X X X
    sAMAccountName X X X
    sn (Last Name) X X X
    mail X X X X
    mailNickname X X X X
    msExchResourceSearchProperties X X X X

    Thus, the result with your command is expected.
    More information about ANR, for your reference: Active Directory: Ambiguous Name Resolution

    If you want to do an exact search, use Get-ADUser with some special parameter. For example:
    Get-ADUser -Filter {Name -eq "Leon, Jennifer"}

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    • Proposed as answer by Allen_WangJF Sunday, May 27, 2018 2:23 AM
    Thursday, May 24, 2018 2:18 PM
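
Added example (not part of the thread or of Microsoft's documentation): a simplified Python model of the ANR matching discussed above, run against the two accounts from the question to show which attribute each one matches on. It assumes case-insensitive comparison and checks only the four attributes from the table that are visible in the posted Get-ADUser output; the function names are hypothetical.

```python
import re

# Subset of the ANR attribute table above: only attributes visible in the
# Get-ADUser output from the question (assumption of this example).
ANR_ATTRS = ("givenName", "name", "sAMAccountName", "sn")

# Constructed from the two accounts shown in the question.
USERS = [
    {"dn": "CN=Leon1,CN=Users,DC=LH269,DC=com", "givenName": "Jennifer",
     "name": "Leon1", "sAMAccountName": "leon-s", "sn": "Leon"},
    {"dn": "CN=Leon\\, Jennifer,CN=Users,DC=LH269,DC=com", "givenName": "Jennifer",
     "name": "Leon, Jennifer", "sAMAccountName": "leon", "sn": "Leon-Jarama"},
]

def parse_anr(ldap_filter):
    """Split '(anr=term)' or '(anr==term)' into (term, exact)."""
    m = re.fullmatch(r"\(anr=(=?)([^()*\\]+)\)", ldap_filter.strip())
    if not m:
        raise ValueError("not a simple ANR filter: %r" % ldap_filter)
    return m.group(2), m.group(1) == "="

def expand(ldap_filter):
    """Equivalent OR filter over ANR_ATTRS (hypothetical helper)."""
    term, exact = parse_anr(ldap_filter)
    tail = "" if exact else "*"
    return "(|" + "".join("(%s=%s%s)" % (a, term, tail) for a in ANR_ATTRS) + ")"

def matching_attrs(user, ldap_filter):
    """Attributes of one user that satisfy the ANR filter, case-insensitively."""
    term, exact = parse_anr(ldap_filter)
    term = term.lower()
    hits = []
    for attr in ANR_ATTRS:
        value = user.get(attr, "").lower()
        if value == term or (not exact and value.startswith(term)):
            hits.append(attr)
    return hits

def search(ldap_filter, users=USERS):
    """Map each matching DN to the attributes that caused the match."""
    found = {}
    for user in users:
        hits = matching_attrs(user, ldap_filter)
        if hits:
            found[user["dn"]] = hits
    return found

if __name__ == "__main__":
    for flt in ("(anr=leon)", "(anr==leon)"):
        print(flt, "->", expand(flt))
        for dn, hits in search(flt).items():
            print("   ", dn, "matched on", hits)
```
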
  • Hi,

    Any further help we can do for you?
    If it's solved, would you please post the solution here to share it with us?
    Also, please feel free to mark the useful reply as answer. Thanks for your cooperation.

    Best Regards,
    Allen Wang



    • Proposed as answer by Allen_WangJF Friday, June 1, 2018 1:42 AM
    Wednesday, May 30, 2018 2:00 AM