Solved

Duplicate 'name' attribute in Active Directory

Posted on 2009-07-08
Last Modified: 2012-05-07
We have run into an issue where multiple names (e.g., John Smith) appear in the same Organizational Unit in Active Directory.  While other attributes like samaccountname, employeeid and others are unique, we find that Active Directory will not allow for a duplicate 'name' attribute.  Is this because CN derives by name by default?  Or, is there a workaround?

We ponder appending some unique value to the end of name (e.g., John Smith [jsmith01]).  However, I wanted to throw this question out there to see what other feedback I can get.  From what I have read, it seems like while you cannot have duplicate 'name' attribute values in the same Organizational Unit, you can have the same name in Active Directory in another OU.  Mainly, I was just wondering what others have done because I suspect it must be common for large directories with many users in OUs to have similar run-ins with multiple John Smith names (or other common names).
Question by: CecilAdmin

Accepted Solution

by: Chris Dent
>  Is this because CN derives by name by default?

Yes. Every CN must be unique within the same container to meet the constraint that every Distinguished Name (DN) must be unique.

I'm afraid there's no way around that aside from changing the value for CN (also known as the Relative DN, RDN).

This is a limitation of LDAP rather than something unique to AD.

Whenever I've bumped into this in the past, either the givenName is changed to a short version, if applicable, or a middle initial is inserted, again if applicable.

Chris
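
An added example, not part of the original thread: a pre-provisioning check that finds accounts whose proposed CN would collide inside the same container, and applies the `[sAMAccountName]` suffix the question proposes. The sample entries, the `example.com` naming context and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (sAMAccountName, proposed DN); not from the thread.
PROPOSED = [
    ("jsmith01", "CN=John Smith,OU=Staff,DC=example,DC=com"),
    ("jsmith02", "cn=john smith,ou=staff,dc=example,dc=com"),
    ("jsmith03", "CN=John Smith,OU=Contractors,DC=example,DC=com"),
    ("smithj", r"CN=Smith\, John,OU=Staff,DC=example,DC=com"),
]

def split_rdns(dn):
    """Split a DN at unescaped commas (a backslash escapes the next character)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).strip())
    return parts

def container_key(dn):
    """(parent container, RDN), case-folded: AD matches DNs case-insensitively."""
    parts = split_rdns(dn)
    return ",".join(parts[1:]).casefold(), parts[0].casefold()

def find_collisions(entries):
    """Map each (container, RDN) claimed by more than one account to those accounts."""
    groups = defaultdict(list)
    for sam, dn in entries:
        groups[container_key(dn)].append(sam)
    return {k: v for k, v in groups.items() if len(v) > 1}

def disambiguate(entries):
    """Append [sAMAccountName] to the CN of every colliding entry."""
    clashing = {s for sams in find_collisions(entries).values() for s in sams}
    out = []
    for sam, dn in entries:
        if sam in clashing:
            rdn, *rest = split_rdns(dn)
            dn = ",".join([f"{rdn} [{sam}]", *rest])
        out.append((sam, dn))
    return out
```

Only the two Staff entries are flagged: the same CN in the Contractors OU yields a different DN, and the escaped comma in `CN=Smith\, John` stays inside its RDN.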