What is the correct way to map distinguishedName of an AD user to Person object in the MV? Should MV be extended with a new string attribute or a reference? This mapping is not for provisioning scenarios but simply for data synchronization from AD to MV to FIM (uni-directional). Thanks.Anu

Not sure if I understand your question correctly but there is actually no correct way to do this. The DN of an object is a location information that is owned by ADDS. From that perspective, the question is, what the underlying structure of your OUs in ADDS is. For example, you may have your OU structure aligned with your department structure. In this case, you can use the department information to verify whether an object is in the right OU and fix it if necessary. However, there is typically no need to track the DN information in the metaverse. In case of our example, having the department information is good enough to make sure that the DN of an object is correct... In essence, unless, you have a specific reason, there is no need to track the DN in the metaverse. If you have a reason, it is still up to you and your scenario requirements to pick the right format. The most common data type is typically just a string. Cheers, Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Thank you, Markus. I need the DN information on users for an out-of-band process initiated and executed by FIM workflows. I wasn't sure if it was ok to import and sync distinguishedName attibute as string, but then that is what I am doing.Anu