Overview#We have run into this often enough in IDM Projects and general LDAP questions that we thought is was worth noting.
Generally we are explaining how LDAP Attributes names relate to the names within the Microsoft Management Console (MMC) and how LDAP Attributes names relate are utilized for naming entries within Microsoft Active DirectoryMicrosoft Active Directory MMC and LDAP values for the MMC General Tab. Microsoft Active Directory MMC and LDAP values for the MMC Account Tab. Cn, Name, DistinguishedName, and ObjectGUID attributes.
Mandatory User Attributes#The only attributes that are mandatory are "samAccountName" and "CN". (Other than the ObjectClass)
- If a user object is created with the LDAP provider, values must be specified for both "CN" and "samAccountName".
- If a user object is created with the WinNT provider, only the "Name" attribute is specified ("samAccountName"), but "CN" is automatically assigned to the same value.
- If a user object is created in the "Active Directory Users and Computers" MMC, the names default as follows. When you specify the following:
The fields labeled:
- "Full Name" - defaults to be <givenName> <initials>. <sn>.
- "CN" - The value is also, by default, the same as the "Full Name".
- "User logon name" -
You are can to overwrite the defaults.
The fact that the cn attribute is referred to as "Full Name" is another source of confusion.