Overview#

Almost any character can be used in Distinguished Names. However, some must be escaped with the backslash ("\") escape character.

LDAP requires that the following characters be escaped:

Name                              Character
Comma                             ,
Backslash character               \
Pound sign (hash sign)            #
Plus sign                         +
Less than symbol                  <
Greater than symbol               >
Semicolon                         ;
Double quote (quotation mark)     "
Equal sign                        =
Leading or trailing spaces

The space character must be escaped only if it is the leading or trailing character in a component name, such as a Common Name. Embedded spaces should not be escaped.

In addition, ADSI requires that the forward slash character "/" also be escaped in Distinguished Names. The ten characters above, plus the forward slash, must be escaped in VBScript programs because they use ADSI. If you view attribute values with ADSI Edit you will see the ten characters above escaped, but not the forward slash. Utilities (like adfind.exe) that do not use ADSI need to have the ten characters above escaped, but not the forward slash.

Some "special" characters that are allowed in Distinguished Names and do not need to be escaped include:

* ( ) . & - _ [ ] ` ~ | @ $ % ^ ? : { } ! '
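
The rules above applied in code, as an added example that is not part of the original page: a Python helper that escapes one naming value before it is placed in a Distinguished Name, so that a comma or equal sign in user-supplied text cannot be read as an extra name component. The function names, the `adsi` switch and the example.com base DN are assumptions made for illustration.

```python
# Added example: escape a single DN component value using the rules on this page.
# escape_dn_value, build_user_dn and the adsi flag are illustrative names.

# Characters the page lists as needing a backslash (spaces are handled separately).
LDAP_SPECIALS = set(',\\#+<>;"=')


def escape_dn_value(value: str, adsi: bool = False) -> str:
    """Escape one component value (for example a Common Name) for use in a DN.

    adsi=True also escapes "/", which the page says ADSI requires.
    """
    specials = LDAP_SPECIALS | ({"/"} if adsi else set())
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch in specials:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):
            # Only a leading or trailing space is escaped; embedded spaces stay.
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(common_name: str, base_dn: str, adsi: bool = False) -> str:
    """Build CN=<escaped value>,<base_dn>. base_dn is trusted configuration."""
    return "CN=" + escape_dn_value(common_name, adsi) + "," + base_dn


if __name__ == "__main__":
    base = "OU=Staff,DC=example,DC=com"  # constructed sample base DN
    samples = [                          # constructed sample inputs
        "Smith, John",      # comma must be escaped
        " padded ",         # leading and trailing spaces
        "R&D (test)",       # characters that need no escaping
        "x,OU=Admins",      # input that would otherwise add a name component
        "Sales/Marketing",  # forward slash matters only for ADSI
    ]
    for s in samples:
        print(repr(s), "->", build_user_dn(s, base), "| ADSI:",
              build_user_dn(s, base, adsi=True))
```

The escaping applies to one component value at a time; a complete DN string must not be passed through it, because its separating commas and equal signs would be escaped as well.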

From our experience, we discourage the use of any special characters within the Naming Attributes. Many LDAP tools may not be able to handle special characters.
