|
Home > Archive > 70-210 > January 2002 > Smiling Joe's non dump question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Smiling Joe's non dump question
|
|
| Joe Blacke 2002-01-22, 11:19 am |
| More fun. Let's see your answers. This one should be very easy.
You are the domain administrator.
Your domain has the following OU's:
Admin
IT
Manufacturing
Sales
Your company has two users named James Smith. Both users are in the Admin OU.
You can create the account for the first James Smith, but when you try to create the active directory account for the second James Smith you receive an error message and the account cannot be created. You attempt to create the second James Smith account in the sales ou, and you are able to create the account as long as you do not use the same username as you have set for the first James Smith.
Why can you not have two users named James Smith in the same OU, even though you have assigned different usernames to each person? | |
| wbafrank 2002-01-22, 1:10 pm |
| Every object in Active Directory directory services has a distinguished name which uniquely idetifies an object and contains sufficient information for a client to retrieve the object from the Directory. The DN includes the name of the domain that holds the object, as well as the complete path through the container hierarchy to the object.
For example, the following DN identifies the Firstname Lastname user object in the mycomputer.com domain (where Firstname and Lastname represent the actual first and last names of a user account):
/DC=COM/DC=mycomputer/OU=dev/CN=users/CN=Firstname Lastname
DNs must be unique. Active Directory directory services do not allow duplicate DNs.
Active Directory directory services support querying by attributes, so you can locate an object even if the exact DN is unknown or has changed. The relative distinguished name (RDN) of an object is the part of the name that is an attribute of the object itself. In the preceding example, the RDN of the Firstname Lastname user object is Firstname Lastname. The RDN of the parent objects is Users.
You can have duplicate RDNs for Active Directory objects, but you cannot have two objects with the same RDN in the same OU. For example, if a user account is named James Smith, you cannot have another user account called James Smith in the same OU. However, objects with duplicate RDN names can exist in separate OUs because they have different DNs. | |
|
| I get real leary when someone says this should be easy. It's like telling an end user, this will only take a couple of minutes to fix and 2 hours later, you're just finishing up. 
I'm just starting to really dig into the workings of Active Directory, so if I'm wrong, show me the light Joe.
I believe we're talking about Distinguished Names (DN) and Relative Distinguished Names (RDN).
The full path to the object is defined by the DN. The DN identifies one object only and no other object in the directory has this name.
The name of the object itself, separate from the path to the object, is defined by the RDN.
Active Directory does not permit two objects with the same RDN under the same parent container. However, two objects can have identical RDN's but still be unique in the directory because within their respective parent containers, their DN's are not the same.
Am I at least in the ballpark? | |
| Joe Blacke 2002-01-22, 2:13 pm |
| Yep, you are both right.
Obviously the key is the Distinguished name and the Relative Distinguished name.
The Distinguished name is the "full name" of an object in Active Directory. It's main goal is to assist in LDAP querries, so that you can locate the EXACT object within active directory. It is basically the full path in the directory to the object. Think of it, like file/folder heirarchy. When you want to find a file, you start with the parent folder (or domain), and then progress down to the subfolders (or OU levels) until you locate the filename (the object).
When you use bulk import methods, such as CSVIDE and LDIFDE, you have to understand how to specify the full DN of an object.
In active directory, if two objects within the same OU have the same name (RDN), then their DN's would be identical. If you are using a tool that perform an LDAP querry, you wouldn't be able to tell the two objects apart. However, if the two object are in different OU's, then the DN's are different. Just like with files and folders. |
|
|
|
|