Determine if an LDAP attribute must be a unique value across the entire domain
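Some attributes must be unique in an Active Directory domain (sAMAccountName, legacyExchangeDN, distinguishedname, objectguid).
My question is, how can I tell whether an attribute must be unique in Active Directory?
I assume this is defined somewhere in the LDAP schema, because you can't determine it from the attribute itself, but when trying to add 2 mailboxes with the same name you get a duplicate error, so it is probably somewhere on the server.
Thanks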
You can't tell from the schema. Here is Microsoft's article on the subject: Understanding unique attributes in Active Directory
It says:
Active Directory does not provide any means for identifying unique
attributes. Some attributes are unique as a result of their specific
processing rules defined by the protocols. In a broader AD view, this
translates into associated constraints and triggers applied to objects
during replica update operations. These rules depend on objects and
may apply to a naming context (NC), a container, a distinguished name
(DN), a domain, or an entire forest, etc.
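So, basically, it has its own rules for enforcing uniqueness on certain fields. You can't add to or remove from the fields on which uniqueness is enforced.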
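Because the schema cannot answer the question, one practical check is empirical: export the directory to LDIF and look for values shared by more than one object, per domain or across the whole export. The following is an added example, not code from the original post or from the Microsoft article; the sample LDIF, the function names and the case-insensitive comparison are assumptions. A duplicate shows the attribute is not enforced unique in that scope, while finding none does not prove that it is enforced.

```python
import base64
from collections import defaultdict

# Constructed sample export in LDIF (RFC 2849); not data from the original post.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=com
sAMAccountName: alice
mail: shared@example.com

dn: CN=Bob,OU=Staff,DC=example,DC=com
sAMAccountName: bob
mail:: U2hhcmVkQGV4YW1wbGUuY29t

dn: CN=Alice,OU=Lab,DC=corp,DC=example,
 DC=com
sAMAccountName: ALICE
"""

def parse_ldif(text):
    """Return one {attr_lower: [values]} dict per entry."""
    entries = []
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            b64 = rest.startswith(":")          # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8") if b64 else rest.strip()
            entry[attr.lower()].append(value)
        if "dn" in entry:
            entries.append(dict(entry))
    return entries

def domain_of(dn):
    """Trailing DC= components of a DN (naive split; assumes no escaped commas)."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))

def find_duplicates(text, attribute, per_domain=True):
    """Map (scope, case-folded value) -> DNs for values held by more than one object."""
    seen = defaultdict(list)
    for entry in parse_ldif(text):
        dn = entry["dn"][0]
        scope = domain_of(dn) if per_domain else "*"   # "*" = whole export
        for value in entry.get(attribute.lower(), []):
            seen[(scope, value.casefold())].append(dn)
    return {key: dns for key, dns in seen.items() if len(dns) > 1}
```

In the constructed sample, `mail` is duplicated inside one domain, while `sAMAccountName` collides only when the scope is widened from a single domain to the whole export (`per_domain=False`).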