Custom Full Name Attribute Setting Is Ignored by the ADMA (312388)


The information in this article applies to:

  • Microsoft Metadirectory Services 2.2
  • Microsoft Metadirectory Services 2.2 SP1
This article was previously published under Q312388

SYMPTOMS

If you use Microsoft Metadirectory Services (MMS) to create new objects in both the Active Directory management agent (ADMA) connector space and in Active Directory, these objects unexpectedly use the relative distinguished name of the metaverse object. This problem occurs even if you configure the ADMA to create a customized Full Name attribute. Typically, the relative distinguished name is the metaverse object's common name. When this problem occurs, error messages are not logged in any of the log files to warn you that the custom configuration was ignored.

NOTE: This article describes the cause of this problem and how to resolve it. However, please read the following article carefully to review how the Full Name attribute is configured. MMS and the ADMA configures the Full Name attribute differently than the corresponding Display Name and User Logon Name attributes.

311027 Configure the ADMA to Set a Customized Full Name Attribute

CAUSE

This problem may occur if a multiple-component relative distinguished name exists in the metaverse distinguished name ($mv.dn). The Active Directory relative distinguished name and the connector space relative distinguished name must match; however, Active Directory does not support multiple-component relative distinguished names. For more information about multiple-component relative distinguished names, refer to the "More Information" section of this article.

The New Connectors template contains a code that automatically modifies the common name if a plus sign (+) is present in the distinguished name of the object. This functionality ensures that the relative distinguished name that MMS builds for the Active Directory object is compliant with the Active Directory requirements. The relative distinguished names must match to guarantee that the new Active Directory object is successfully discovered by MMS during subsequent discoveries.

RESOLUTION

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. To resolve this problem:
  1. Use Compass to log on to MMS as an administrator.
  2. Click Management Agents on the Bookmarks menu in the left pane.
  3. Click the appropriate ADMA in the right pane.
  4. Click Design MA on the Actions menu in the left pane.
  5. Click the Control Connected Directory tab.
  6. Click the Output Construction Templates tab.
  7. Click the New Connectors tab.
  8. Locate the following section:
    # We need to escape the  comma in the RDN
$v_fullName = $replace($v_fullName, ",", "\,")

   if $EXISTS($v_fullName) = TRUE
      then
          if $EMBEDDED(" + ", $mv.dn) = TRUE
          then
             $v_cdDn = CN= $GET_SUBSTRING($DN_COMPONENT($mv.dn, 1), "", " + ") , $parent("$v_cdDn")
             else
             $v_cdDn = CN= $v_fullName , $parent("$v_cdDn")
          endif
      endif
  9. Replace the code that you located in the previous step with the following code: 
       if $EXISTS($v_fullName) = TRUE
      then
         if $EMBEDDED(" + ", $v_fullname) = TRUE
           then
           $v_cdDn = CN= $GET_SUBSTRING($DN_COMPONENT($v_fullname, 1), "", " + ") , $parent("$v_cdDn")
           else
           $v_cdDn = CN= $v_fullName , $parent("$v_cdDn")
         endif
   endif
    NOTE: The preceding code is used in both a section for users and a section for contacts. If the object is a contact, the code is located later in the template. Ensure that you change the correct section of code based on whether the affected object is a user or a contact.
  10. Click OK.

MORE INFORMATION

The following information is taken from the Request for Comments (RFC) 1485, "A String Representation of Distinguished Names":

The "+" notation is used to specify multiple-component relative distinguished names. In this case, the types for attributes in the relative distinguished name must be explicit.

A multiple-component relative distinguished name is defined as a relative distinguished name that uses two attributes to build the relative distinguished name. The two attributes are concatenated by using a plus sign (+). The following distinguished name is an example of a distinguished name in which the first name is a multiple-component relative distinguished name:

CN=Jeff Smith+UID=1234,ou=Sales,dc=Microsoft,dc=com

The following code is from the New Connectors template of a MMS 2.2 Service Pack 1 (SP1) ADMA, and it is used to process a user object. The same basic code is also used for a contact object later in the template. In the first two sections of code, the template tests for either the $msMMS-AdMaUserFullNameProjection attribute value (the user object) or the $msMMS-AdMaContactFullNameProjection attribute value (contact object). This value depends on the configuration of the Full Name attribute for either the users or the contacts as defined on the Active Directory Creation Settings tab in the Configure the Management Agent dialog box. In the following example, the $v_fullname attribute is assigned a value that is based on the Full name creation template. This template is defined in either the $msMMS-AdMaUserFullNameProjection attribute or the $msMMS-AdMaContactFullNameProjection attribute value, depending on whether the object is a contact or a user.

NOTE: The following code does not reflect the workaround that is described in the "Resolution" section of this article: 
# Check if this object will be a user in which case we must apply the 
# user fullname construction rule
if $exist($multi_valued("$MA()", $mv.msMMS-managedByMA)) = TRUE
    then
        if $MA($msMMS-AdMaUserFullNameProjection) = SurnameCommaGivenName
        then
           $v_fullName = ($mv.sn, )($mv.givenName)
         else
            if $MA($msMMS-AdMaUserFullNameProjection) = Custom
            then
               $v_fullName = $export_template("$MA($msMMS-AdMaUserFullNameProjectionTemplate)")
            else
               $v_fullName = $mv.cn
            endif
         endif

      # The object is going to become a contact in AD
      # The contact fullname construction rule should be applied
      else
         if $MA($msMMS-AdMaContactFullNameProjection) = SurnameCommaGivenName
         then
           $v_fullName = ($mv.sn, )($mv.givenName)
         else
            if $MA($msMMS-AdMaContactFullNameProjection) = Custom
            then
               $v_fullName = $export_template("$MA($msMMS-AdMaContactFullNameProjectionTemplate)")
            else
               $v_fullName = $mv.cn
            endif
         endif

# We need to escape the  comma in the RDN
$v_fullName = $replace($v_fullName, ",", "\,")

   if $EXISTS($v_fullName) = TRUE
      then
          if $EMBEDDED(" + ", $mv.dn) = TRUE
          then
             $v_cdDn = CN= $GET_SUBSTRING($DN_COMPONENT($mv.dn, 1), "", " + ") , $parent("$v_cdDn")
             else
             $v_cdDn = CN= $v_fullName , $parent("$v_cdDn")
          endif
      endif
This code sample processes the following multiple-component relative distinguished name in the following way: 
CN=Jeff Smith+UID=1234,ou=Sales,dc=Microsoft,dc=com
First, the object meets the first condition of the embedded plus sign (+): 
if $EMBEDDED(" + ", $mv.dn) = TRUE
Next, the $GET_SUBSTRING function and the $DN_COMPONENT function pull out the first part of the multiple-component relative distinguished name: 
$v_cdDn = CN= $GET_SUBSTRING($DN_COMPONENT($mv.dn, 1), "", " + ") , $parent("$v_cdDn")
The $PARENT function is used to add the rest of the structure of the object.

In the last section of the code sample, the $v_fullname attribute is used until the last conditional test. If the $EMBEDDED() function finds a plus sign (+) in the distinguished name of the object (if $EMBEDDED(" + ", $mv.dn) = TRUE), the $v_fullname attribute is not used as the relative distinguished name of the $v_cdDn variable. Instead, when MMS builds the Full Name attribute (common name), it looks for the first part of the multiple-component relative distinguished name, and then takes everything which precedes the plus sign (+): 
($v_cdDn = CN= $GET_SUBSTRING($DN_COMPONENT($mv.dn, 1), "", " + ") , $parent("$v_cdDn"))
The $v_cdDn variable is used to build the $cs.dn variable for the connector space objects. Because the connector space relative distinguished name and the connected directory relative distinguished name must match when they are created in the ADMA, the objects that are created in Active Directory use only the first part of the multiple-valued full name instead of the $v_fullname value, as expected.
Modification Type:MajorLast Reviewed:6/29/2005
Keywords:kbcode kbenv kbprb KB312388
©2004 Microsoft Corporation. All rights reserved.