Share via


How to: Construct a Distinguished Name

When an attribute value change to the FIM Synchronization Service database (metaverse) occurs, such as when you change the employee status, you might have to change the distinguished name of an existing connector space entry to rename or move the object in a connected data source.

You can change the distinguished name of an existing connector by first iterating through the Item property to get the first connector. If the metaverse entry contains multiple connectors, use conditional logic to identify the appropriate connector. After you get the appropriate connector, set the DN property to the new distinguished name.

The following example shows how to construct a distinguished name by using the Concat method. If the distinguished name exists, this example catches the exception and appends an integer to the end of the distinguished name until the distinguished name is unique.

Public Sub Provision(ByVal mventry As MVEntry) _
    Implements IMVSynchronization.Provision

    Dim uniqueDN As Boolean = False
    Dim connectors As Integer
    Dim index As Integer = 0
    Dim csEntry As CSEntry
    Dim container, rdn As String
    Dim ma As ConnectedMA
    Dim dn As ReferenceValue

    Dim ExceptionMessage As String

    container = "CN=users,DC=fabrikam,DC=com"
    ma = mventry.ConnectedMAs("Fabrikam AD MA")

    If Not mventry("cn").IsPresent Then

        ExceptionMessage = "The attribute cn was unexpectedly not present on the <tla rid="fim_syncdb_short" /> object."
        Throw New UnexpectedDataException(ExceptionMessage)

    Else
        rdn = "CN=" & mventry("cn").Value
        dn = ma.EscapeDNComponent(rdn).Concat(container)
        connectors = ma.Connectors.Count

        ' If there are no existing connectors, create a new connector.
        If 0 = connectors Then

            ' Verify whether the distinguished name is unique. If it
            ' is not unique, create a new distinguished name.
            While Not uniqueDN
                Try
                    csEntry = ma.Connectors.StartNewConnector("user")
                    csEntry.DN = dn

                    csEntry.CommitNewConnector()
                    uniqueDN = True

                ' The catch block creates a new distinguished name by
                ' appending an integer to the original rdn (cnValue).
                Catch oaex As ObjectAlreadyExistsException
                    rdn = "CN=" + mventry("cn").Value + index.ToString()
                    dn = ma.EscapeDNComponent(rdn).Concat(container)
                    index = index + 1
                    uniqueDN = False
                End Try

            End While

        End If

    End If
End Sub
void IMVSynchronization.Provision (MVEntry mventry)
{
    bool uniqueDN = false;
    int connectors, index = 0;
    CSEntry csEntry;
    string container, rdn;
    ConnectedMA ma;
    ReferenceValue dn;

    container = "CN=users,DC=fabrikam,DC=com";
    ma        = mventry.ConnectedMAs["Fabrikam AD MA"];

    if(!mventry["cn"].IsPresent)
    {
        string ExceptionMessage;
        ExceptionMessage = "The attribute cn was unexpectedly not present on the <tla rid="fim_syncdb_short" /> object.";
        throw new UnexpectedDataException(ExceptionMessage);
    }
    
    else
    {    
        rdn         = "CN=" + mventry["cn"].Value;
        dn          = ma.EscapeDNComponent(rdn).Concat(container);
        connectors  = ma.Connectors.Count;

        // If there are no existing connectors, create a new connector.
        if(0 == connectors)
        {
            // Verify whether the distinguished name is unique. If it
            // is not unique, create a new distinguished name.
            while(!uniqueDN)
            {
                try
                {
                    csEntry    = ma.Connectors.StartNewConnector("user");
                    csEntry.DN = dn;               

                    // If connector space entry with the same distinguished name exists,
                    // CommitNewConnector() throws an exception.
                    csEntry.CommitNewConnector();
                    uniqueDN = true;
                }
                
                // The catch block creates a new distinguished name by
                // appending an integer to the original rdn (cnValue).
                catch(ObjectAlreadyExistsException)
                {
                    rdn = "CN=" + mventry["cn"].Value + index.ToString();
                    dn  = ma.EscapeDNComponent(rdn).Concat(container);
                    index++;
                    uniqueDN = false;
                }
            }
        }        
    }
}
  • Make sure that you have all the required information to construct the new distinguished name before you call the EscapeDNComponent method.

  • If you try to rename a connector by changing the value of the DN property, and the new value differs from the original value by case, the rename attempt is ignored because the new value is really the same as the original value. However, if you try to rename a connecter by changing the value of the RDN property, the rename occurs even if the original and new values for the DN property differ only in case. If the original and new values for the DN property are the same, the rename attempt is ignored.

See Also

Reference

DN
RDN
Concat

Concepts

Creating and Checking Attribute Values