2.2.1.1 Distinguished Names for Objects
Address book distinguished names (ABDNs) are used to uniquely identify objects in the address book. Throughout the rest of this specification, the term distinguished name (DN) is used to refer to an address book DN. Each Address Book object MUST have a unique DN value, expressed as a NULL-terminated ASCII string. The DN is stored in the PidTagEmailAddress property (section 2.2.3.14). The DN is also embedded in the Distinguished Name field of the PermanentEntryID structure, as specified in [MS-NSPI] and [MS-OXNSPI] section 2.2.9.3.<4> DNs are structured as shown in the following Augmented Backus-Naur Form (ABNF) definition, as specified in [RFC5234].
```
dn                = organization-dn / addresslist-dn / x500-dn
organization-dn   = org-rdn
addresslist-dn    = "/guid=" container-guid / gal-addrlist-dn
container-guid    = 32(HEXDIG)
gal-addrlist-dn   = "/"
x500-dn           = x500-container-dn object-rdn
                    ; x500-dns are limited to 16 levels
x500-container-dn = org-rdn org-unit-rdn 0*13(container-rdn)
org-rdn           = "/o=" rdn
org-unit-rdn      = "/ou=" rdn
container-rdn     = "/cn=" rdn
object-rdn        = "/cn=" rdn
rdn               = ( non-space-teletex ) /
                    ( non-space-teletex *62(teletex-char) non-space-teletex )
                    ; rdn values are limited to 64 characters
                    ; the number of rdns is limited to 16 but the
                    ; total cumulative length of rdn characters in
                    ; An x500-dn is limited to 256.
teletex-char      = SP / non-space-teletex
non-space-teletex = "!" / DQUOTE / "%" / "&" / "\" / "(" / ")" /
                    "*" / "+" / "," / "-" / "." / "0" / "1" /
                    "2" / "3" / "4" / "5" / "6" / "7" / "8" /
                    "9" / ":" / "<" / "=" / ">" / "?" / "@" /
                    "A" / "B" / "C" / "D" / "E" / "F" / "G" /
                    "H" / "I" / "J" / "K" / "L" / "M" / "N" /
                    "O" / "P" / "Q" / "R" / "S" / "T" / "U" /
                    "V" / "W" / "X" / "Y" / "Z" / "[" / "]" /
                    "_" / "a" / "b" / "c" / "d" / "e" / "f" /
                    "g" / "h" / "i" / "j" / "k" / "l" / "m" /
                    "n" / "o" / "p" / "q" / "r" / "s" / "t" /
                    "u" / "v" / "w" / "x" / "y" / "z" / "|"
```
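The grammar and its length limits can be enforced before a DN from an untrusted peer is used as a lookup key or compared against another data source. The following Python validator is an added example, not part of the specification; the names `classify_dn` and `is_valid_dn` and the sample DNs are assumptions made for illustration.

```python
import re

# non-space-teletex, transcribed from the ABNF on this page (note: no "/" or "#")
_NST = r'!"%&\\()*+,\-.0-9:<=>?@A-Z\[\]_a-z|'
# rdn: 1..64 chars, SP allowed only in the interior
_RDN = re.compile(rf"[{_NST}](?:[{_NST} ]{{0,62}}[{_NST}])?")
# ABNF literals are case-insensitive (RFC 5234), so "/GUID=" and a-f also match
_GUID = re.compile(r"/guid=[0-9a-f]{32}", re.IGNORECASE)

def classify_dn(dn: str) -> str:
    """Return the ABNF production a DN matches; raise ValueError otherwise."""
    if not dn.isascii():                      # DNs are ASCII strings
        raise ValueError("DN is not ASCII")
    if dn == "/":
        return "gal-addrlist-dn"
    if _GUID.fullmatch(dn):
        return "addresslist-dn"
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/'")
    rdns = []
    for part in dn[1:].split("/"):            # "/" cannot occur inside an rdn
        rtype, sep, value = part.partition("=")   # "=" may occur inside the value
        if not sep or not _RDN.fullmatch(value):
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((rtype.lower(), value))
    types = [t for t, _ in rdns]
    if types == ["o"]:
        return "organization-dn"
    # x500-dn = /o= /ou= 0*13(/cn=) /cn=  -> 3..16 RDNs in total
    if not 3 <= len(types) <= 16 or types[:2] != ["o", "ou"] or set(types[2:]) != {"cn"}:
        raise ValueError("RDN sequence is not a valid x500-dn")
    if sum(len(v) for _, v in rdns) > 256:    # cumulative rdn length limit
        raise ValueError("cumulative RDN length exceeds 256")
    return "x500-dn"

def is_valid_dn(dn: str) -> bool:
    try:
        classify_dn(dn)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample DNs, not taken from any real directory
    for sample in ["/", "/guid=" + "0A" * 16, "/o=Contoso",
                   "/o=Contoso/ou=Site One/cn=Recipients/cn=jdoe",
                   "/o=Contoso/ou=Site One/cn=bad#name"]:
        print(repr(sample), "->", classify_dn(sample) if is_valid_dn(sample) else "invalid")
```

The validator takes the string without its NULL terminator and rejects embedded control characters, because they fall outside the `non-space-teletex` set.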
DNs for specific objects have a strict format, as shown in the following table.
Object type | DN format | Notes |
---|---|---|
Address book container | addresslist-dn | |
Global Address List container | gal-addrlist-dn | |
Mail user | x500-dn | The org-rdn string is the mail user's organization. |
Organization | organization-dn | |
Store | x500-dn | The x500-container-dn is the mailbox server. |
Mailbox server | x500-dn | The relative distinguished name (RDN) in the object-rdn is the name of the mailbox server. |
Room container reference | x500-dn with no container-rdn | The RDN of the object-rdn matches the container-guid of the address book container. |
All other Address Book objects | dn | |
When the DN of an Address Book object that is obtained from an NSPI server matches the DN of an Address Book object that is obtained from an OAB, the objects represent the same entity. The OAB SHOULD<5> include additional properties not available on the NSPI server. Properties SHOULD have the same value when present on both data sources. One exception to having the same value on both data sources is if the properties are truncated in the OAB, according to the limitations specified in [MS-OXOAB] section 2.9.2.2.1. Another exception is if the value on an NSPI server has changed since the OAB was created, or if the NSPI server was restored from a backup after the OAB was created. In such a case, the NSPI server and the OAB are said to be "out of sync". That is, the data in the two sources reflects two different time periods.