ilansch

Reputation: 4878

Determine if an LDAP attribute must have a unique value across the entire domain

There are attributes that must be unique (sAMAccountName, legacyExchangeDN, distinguishedname, objectguid) in an Active Directory domain.

My question is, how do I know if an attribute must be unique in Active Directory?

I assume this is defined somewhere in the LDAP schema, because you cannot determine it from the attribute itself, but when trying to add 2 mailboxes with the same name, you get a duplication error, so it's probably on the server somewhere.

Thanks

Upvotes: 0

Views: 3587

Answers (1)

Gabriel Luci

Reputation: 40938

There is no way to tell from the schema. Here is an article from Microsoft on the topic: Understanding unique attributes in Active Directory

It says:

Active Directory does not provide any means for identifying unique attributes. Some attributes are unique as a result of their specific processing rules defined by the protocols. In a broader AD view, this translates into associated constraints and triggers applied to objects during replica update operations. These rules depend on objects and may apply to a naming context (NC), a container, a distinguished name (DN), a domain, or an entire forest, etc.

So, basically, it has its own rules for enforcing uniqueness on certain fields. You cannot add or remove from the fields it enforces uniqueness on.

Upvotes: 1
