0 votes

Hi,

We are in process of implementing the User Creation/Deletion & Add/Remove Users to Group.
We have been using the Canonical name for referencing the ADGroup/OU Unit and Users with the Distinguished name.

Question:
we want to use ObjectGuid instead of the Distinguished name, I wonder about the possibility?

In this below example, we aim to use GUID/UPN over the Distinguished name in Manager attribute.

for example:
<ProcessRequest xmlns="http://softerra.com/adaxes/spmlwebservice">
<requestElement >
<addRequest returnData="everything" targetID="all domains" xmlns="urn:oasis:names:tc:SPML:2:0">
<containerID ID="{ObjectGuid}" />
<data >
<attr name="cn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >TESTFN17 TESTLN17</value>
</attr>
<attr name="givenName" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >TESTFN17</value>
</attr>
<attr name="sn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >TESTLN17</value>
</attr>
<attr name="manager" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >CN=PRDTESTFN9 PRDTESTLN9,OU=Users,OU=Company,DC=Company,DC=net</value>
</attr>
<attr name="objectclass" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >user</value>
</attr>
</data>
</addRequest>
</requestElement >
</ProcessRequest>

Currently, i'm getting below error response when i use UPN in Manager Name Reference attribute.

<ProcessRequestResponse xmlns="http://softerra.com/adaxes/spmlwebservice">
<ProcessRequestResult>
<addResponse status="failure" error="customError" xmlns="urn:oasis:names:tc:SPML:2:0">
<errorMessage>The name reference is invalid. (Server: company.net)</errorMessage>
</addResponse>
</ProcessRequestResult>
</ProcessRequestResponse>

Thanks,
Aravindh

by (100 points)

1 Answer

0 votes
by (294k points)
selected by
Best answer

Hello Aravindh,

Yes, it is possible to use the manager GUID instead of the distinguished name. The GUID should be specified in the following format:
<attr name="manager" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value>&lt;GUID=855ED5AB-960A-47EF-941E-B3D4AE2E8163&gt;</value>
</attr>

0

Thanks for the response!.
however, we only have the email id/UPN and when i tried, it throws me
...
<attr name="manager" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value ><UPN=PRDTESTFN19.PRDTESTLN19@company.net></value>
</attr>
...

Response:
<ProcessRequestResponse xmlns="http://softerra.com/adaxes/spmlwebservice">
<ProcessRequestResult>
<addResponse status="failure" error="customError" xmlns="urn:oasis:names:tc:SPML:2:0">
<errorMessage>The parameter is incorrect. (Server: company.net)</errorMessage>
</addResponse>
</ProcessRequestResult>
</ProcessRequestResponse>

Thanks

0

Hello Aravindh,

There is no possibility to use the UPN property in this manner, only the GUID or SID of the desired manager.

Related questions

0 votes
1 answer

Hello, I don't find an attribute for the netbios name of managed Domains like adm-DomainDN? How can I add the NetBios name to a report like "All users"? regards Helmut

asked Mar 5, 2021 by a423385 (510 points)
0 votes
1 answer

We are looking at Adaxes as a way to update user's passwords offline and updating the computer's cached password. Currently, a majority of our computers are off the network ... via the Internet. Is this a viable option? What issues are we not considering?

asked Sep 18, 2020 by bmajors (20 points)
0 votes
1 answer

Hi, is it possible to show the DisplayName instead of the Name in the personal header? In our new AD structure cn should match everything else, like Alias, email prefix ... when they see a CN like in the screenshot. Regards and thanks in advance Ingemar Jacob

asked Sep 19, 2013 by ijacob (960 points)
0 votes
0 answers

When the UPN being created is the same as an existing one except for the case. For instance, the new UPN is sally.fields but there's an existing Sally.Fields. The ... but then fails to create the AD account indicating that the UPN is not unique forestwide.

asked Jul 13, 2022 by sandramnc (870 points)
3,588 questions
3,277 answers
8,303 comments
548,091 users