how to query for slash and backslash in active directory
often, when integrating with other idm solutions or running a directory sync of some sort, the other system may not be able to parse a slash or backslash properly. here’s one way to root out where those objects may be residing and what they are. if you want to find objects in AD that may contain a slash (/) or a backslash (\) in the object cn, you can use a simple query like this (\2f and \5c are the hex-escaped forms of / and \, since those characters can’t be put into the filter literally):
adfind -default -f "(|(cn=*\2f*)(cn=*\5c*))" dn cn
same thing with dsquery, if you prefer that:
dsquery * domainroot -filter "(|(cn=*\2f*)(cn=*\5c*))" -attr distinguishedname cn
you can find this and more in the list of escapable characters at: http://msdn.microsoft.com/en-us/library/aa746475.aspx. don’t miss joe richards’ comment in the community section. :)
and of course, you can find this information in rfc2254. (the msdn list is more complete, oddly.)
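as an added example (not from the original post), here is the same escaping rule written out in python: it builds the post’s filter from the literal characters, decodes the hex escapes again, and runs the filter over a constructed list of cn values so you can see which objects a sync tool would trip over. the escape list follows rfc 4515 (the successor of rfc2254) plus the slash, which AD treats specially; the sample cn values are made up.

```python
import re

# Characters that must be hex-escaped inside a filter assertion value
# (RFC 4515, which replaced the rfc2254 the post cites). '/' is not on the
# RFC list, but AD/ADSI treats it as a path separator, so the post's
# filter escapes it as \2f too; we follow the same convention here.
_MUST_ESCAPE = "\\*()\0/"


def escape_filter_value(value: str) -> str:
    """Replace each special character with \\XX, the lower-case hex of its UTF-8 bytes."""
    return "".join(
        "".join(f"\\{b:02x}" for b in ch.encode("utf-8")) if ch in _MUST_ESCAPE else ch
        for ch in value
    )


def unescape_filter_value(value: str) -> str:
    """Inverse of escape_filter_value: decode \\XX hex escapes back to text."""
    buf, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", value[i + 1:i + 3]):
            buf.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            buf.extend(value[i].encode("utf-8"))
            i += 1
    return buf.decode("utf-8")


def contains_filter(attr: str, literals) -> str:
    """Build (|(attr=*lit*)...): entries whose attr contains any of the literals."""
    return "(|" + "".join(f"({attr}=*{escape_filter_value(l)}*)" for l in literals) + ")"


def substring_matches(assertion: str, value: str) -> bool:
    """Evaluate one 'attr=pattern' assertion ('*' = wildcard) against a value."""
    pieces = [unescape_filter_value(p) for p in assertion.split("=", 1)[1].split("*")]
    return re.fullmatch(".*".join(re.escape(p) for p in pieces), value) is not None


def find_cns(filter_str: str, cns) -> list:
    """Apply an OR-of-substring filter on cn, like the post's, to a list of CNs."""
    assertions = re.findall(r"\((cn=[^()]*)\)", filter_str)
    return [cn for cn in cns if any(substring_matches(a, cn) for a in assertions)]


# Constructed sample CNs, not data from any real directory.
SAMPLE_CNS = ["Jane Doe", "Sales/Marketing", "CORP\\svc_sync", "Printer (3rd floor)", "Wild*card"]
POST_FILTER = contains_filter("cn", ["/", "\\"])  # (|(cn=*\2f*)(cn=*\5c*)), as in the post

if __name__ == "__main__":
    print(POST_FILTER)
    print(find_cns(POST_FILTER, SAMPLE_CNS))  # the two CNs a sync tool is likely to choke on
    print(contains_filter("cn", ["(", ")", "*"]))  # other characters from the escape list
```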
woah, lol ok... i obviously do not understand this =)
lol @ your comment. i think i got lost @ idm solutions.
okay, for the record... idm = identity management. basically, when you have lots and lots of disparate systems that all contain some small chunk of who you are, you need a way to try to bring all that together.
you know what a pain in the ass it is to move, right? when you move, you gotta file a change of address with the post office, send change of address notes to all of your utilities, etc, etc, etc. imagine tying all that together so that when you move, you make one change, and it gets to everyone (except stalkers or people you specify).
same concept. you have a user that has 5.3 million passwords to 7.2 million systems. to make it as painless as possible, you let the user change their password once... and let all the disparate systems get sync'd up.
hmmm maybe it's more like a facebook notification system... hell i dunno. :)
oh ok i think i understand it better. sounds pretty badass