In this post I want to show you which characters have to be escaped in AD in the distinguishedName and canonicalName attributes.

distinguishedName

Some characters in Active Directory have to be escaped with the backslash "\" character if they appear in components of a distinguished name.

Characters that aren't allowed unescaped in distinguished names:

# + < > ; , \ " = and SPACE

The space character must be escaped only if it is the leading or trailing character in any component of a distinguished name. The commas that separate components in a distinguished name are not escaped. The following table shows example relative distinguished names as they would appear

ADUC Name | Distinguished Name
Petun, Arnold J. | cn=Petun\, Arnold J.,ou=Sales,dc=Domain,dc=com
Dev\Services | ou=Dev\\Services,dc=Domain,dc=com
IT"Ext + Lab | cn=IT\"Ext \+ Lab,ou=IT,dc=Domain,dc=com
Tim Black | cn=\ Tim Black \ ,ou=HR,dc=Domain,dc=com

In other AD attributes, like Name, Description, givenName, or even cn, those characters wouldn't be escaped!

Below are some characters that are allowed in distinguished names:

| @ $ % ^ ? : { } ! ' * ( ) . ` ~ & - _ [ ]

canonicalName
The escaping in the canonicalName attribute is different. The canonicalName is a constructed attribute, so you can't modify this attribute. In this attribute, slash and backslash characters are escaped using the backslash escape character:

/ \
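
The escaping rules from both sections above, as an added Python example (not code from the original post). It shows why the escaping matters when a DN is assembled from a name you do not control: an escaped value stays inside one component. The function names and the "Smith,ou=HR" input are constructed for illustration.

```python
# Added example: rules follow this post; all names here are illustrative.
DN_SPECIALS = set('#+<>;,\\"=')   # escaped everywhere in a DN component
CANONICAL_SPECIALS = set("/\\")   # escaped in canonicalName


def escape_rdn_value(value: str) -> str:
    """Escape one raw component value (the part after 'cn=' or 'ou=')."""
    if not value:
        raise ValueError("empty component value")
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        # A space is escaped only as the first or last character.
        if ch in DN_SPECIALS or (ch == " " and i in (0, last)):
            out.append("\\")
        out.append(ch)
    return "".join(out)


def build_dn(rdns) -> str:
    """Join (attribute, raw value) pairs; separator commas stay unescaped."""
    return ",".join(f"{a}={escape_rdn_value(v)}" for a, v in rdns)


def split_dn(dn: str) -> list:
    """Split a DN on unescaped commas only, keeping escapes intact."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return parts + [cur]


def escape_canonical_component(value: str) -> str:
    """Escape slash and backslash as they appear in canonicalName."""
    return "".join("\\" + c if c in CANONICAL_SPECIALS else c for c in value)


if __name__ == "__main__":
    # Constructed input: a display name that itself contains DN syntax.
    raw = "Smith,ou=HR"
    dn = build_dn([("cn", raw), ("ou", "Sales"), ("dc", "Domain"), ("dc", "com")])
    print(dn)
    print(split_dn(dn))  # still four components, not five
    print(escape_canonical_component("Dev\\Services"))
```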