Adaxes

Using UPN instead of Distinguished name for Manager reference?

0 votes

Hi,

We are in process of implementing the User Creation/Deletion & Add/Remove Users to Group.
We have been using the Canonical name for referencing the ADGroup/OU Unit and Users with the Distinguished name.

Question:
we want to use ObjectGuid instead of the Distinguished name, I wonder about the possibility?

In this below example, we aim to use GUID/UPN over the Distinguished name in Manager attribute.

for example:
<ProcessRequest xmlns="http://softerra.com/adaxes/spmlwebservice">
<requestElement >
<addRequest returnData="everything" targetID="all domains" xmlns="urn:oasis:names:tc:SPML:2:0">
<containerID ID="{ObjectGuid}" />
<data >
<attr name="cn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >TESTFN17 TESTLN17</value>
</attr>
<attr name="givenName" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >TESTFN17</value>
</attr>
<attr name="sn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >TESTLN17</value>
</attr>
<attr name="manager" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >CN=PRDTESTFN9 PRDTESTLN9,OU=Users,OU=Company,DC=Company,DC=net</value>
</attr>
<attr name="objectclass" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value >user</value>
</attr>
</data>
</addRequest>
</requestElement >
</ProcessRequest>

Currently, i'm getting below error response when i use UPN in Manager Name Reference attribute.

<ProcessRequestResponse xmlns="http://softerra.com/adaxes/spmlwebservice">
<ProcessRequestResult>
<addResponse status="failure" error="customError" xmlns="urn:oasis:names:tc:SPML:2:0">
<errorMessage>The name reference is invalid. (Server: company.net)</errorMessage>
</addResponse>
</ProcessRequestResult>
</ProcessRequestResponse>

Thanks,
Aravindh

by (100 points)

1 Answer

0 votes
by (288k points)
selected by
Best answer

Hello Aravindh,

Yes, it is possible to use the manager GUID instead of the distinguished name. The GUID should be specified in the following format:
<attr name="manager" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value>&lt;GUID=855ED5AB-960A-47EF-941E-B3D4AE2E8163&gt;</value>
</attr>

0

Thanks for the response!.
however, we only have the email id/UPN and when i tried, it throws me
...
<attr name="manager" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value ><UPN=PRDTESTFN19.PRDTESTLN19@company.net></value>
</attr>
...

Response:
<ProcessRequestResponse xmlns="http://softerra.com/adaxes/spmlwebservice">
<ProcessRequestResult>
<addResponse status="failure" error="customError" xmlns="urn:oasis:names:tc:SPML:2:0">
<errorMessage>The parameter is incorrect. (Server: company.net)</errorMessage>
</addResponse>
</ProcessRequestResult>
</ProcessRequestResponse>

Thanks

by (100 points)
edited by
0

Hello Aravindh,

There is no possibility to use the UPN property in this manner, only the GUID or SID of the desired manager.

by (288k points)
moved by

Related questions

0 votes
1 answer
Value Reference to netbios name of a user

Hello, I don't find an attribute for the netbios name of managed Domains like adm-DomainDN? How can I add the NetBios name to a report like "All users"? regards Helmut

asked Mar 5, 2021 by a423385 (510 points)
0 votes
1 answer
Can the Self Service Client be installed using SCCM instead of a GPO?

We are looking at Adaxes as a way to update user's passwords offline and updating the computer's cached password. Currently, a majority of our computers are off the network ... via the Internet. Is this a viable option? What issues are we not considering?

asked Sep 18, 2020 by bmajors (20 points)
0 votes
1 answer
show DisplayName instead of Name

Hi, is it possible to show the DisplayName instead of the Name in the personal header? In our new AD structure cn should match everything else, like Alias, email prefix ... when they see a CN like in the screenshot. Regards and thanks in advance Ingemar Jacob

asked Sep 19, 2013 by ijacob (960 points)
0 votes
0 answers
How can this be adapted to account for a UPN with the same name just in a different case?

When the UPN being created is the same as an existing one except for the case. For instance, the new UPN is sally.fields but there's an existing Sally.Fields. The ... but then fails to create the AD account indicating that the UPN is not unique forestwide.

asked Jul 13, 2022 by sandramnc (870 points)
3,538 questions
3,229 answers
8,224 comments
547,751 users