Where do I get the Domain name from?
Ok, for a single domain, I cheated and hard coded the domain name from the sync. I put together the following sheet to track the relationship between AD/Metaverse and ILM Active Directory Object Names Metaverse Names ILM Directory Names sAMAccountName AccountName AccountName AD_UserCannotChangePassword AD_UserCannotChangePassword streetAddress Address Address assistant Assistant Assistant AuthNWFLockedOut AuthNWFLockedOut AuthNWFRegistered AuthNWFRegistered l City City company Company Company CostCenter CostCenter CostCenterName CostCenterName co Country Country Creator Creator DeletedTime DeletedTime department Department Department description Description Description DetectedRulesList DetectedRulesList displayName DisplayName DisplayName Domain Domain mail Email Email EmployeeEndDate EmployeeEndDate employeeID EmployeeID EmployeeID EmployeeStartDate EmployeeStartDate employeeType EmployeeType EmployeeType ExpirationTime ExpirationTime givenName FirstName FirstName IsRASEnabled IsRASEnabled title JobTitle JobTitle sn LastName LastName LastResetAttemptTime LastResetAttemptTime LoginName LoginName mailNickname MailNickname MailNickname Manager Manager MiddleName MiddleName MobilePhone MobilePhone objectSid ObjectID ObjectID ObjectSID ObjectSID ObjectType ObjectType facsimileTelephoneNumber OfficeFax OfficeFax OfficeLocation OfficeLocation telephoneNumber OfficePhone OfficePhone Owner photo Photo Photo postalCode PostalCode PostalCode ProxyAddressCollection ProxyAddressCollection Register Register RegistrationRequired RegistrationRequired ResetPassword ResetPassword sIDHistory SIDHistory SIDHistory objectsid objectSidString objectsidstring What I COULDN'T see in A/D (or at least maybe overlooked it) was where the domain name was in the particular objects? OR is it presumed and hard coded? IE: In a Forest with multiple child domains, how do I obtain the Domain name from a synchronized object FROM Active Directory naturally?Missing the "obvious" I am guessing :)
August 4th, 2009 8:42pm

I extract itfrom the dn. Anu
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2009 12:14am

You did not miss the obvious you raised a very good point!The NetBIOS domain name is not tied to an object in form an attribute so, you can stop looking for it :o)Some folks calculate the attribute value from the DN value. If an object belongs to DC=fabrikam,DC=com, the assumption is made, that the object must belong to the fabrikam domain.However, this is a pretty risky assumption since there is no technical requirement for the NetBIOS domain name to be the same as the related component in the DN.In other words, these two attribute values CAN be different!You shouldexamine your environment before running into surprises.Unfortunately, I have no silver bullet for you.You should at least run a script against AD to check whether both values are the same. If so, you can use the DN to extract the domain name.However, as mentioned before, you should at least not assume that they must be the same.Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
August 5th, 2009 12:18am

The customer I'm working with defines the domain on the HR side. Therefore we simply flow this as a string. In a multi-domain forest or multi-forest envrionment there's a process of some kind, somewhere, that defines which people go into which domain. This is what needs to be understood and implemented. Another option is to write the domain attribute using the function evaluator based on some criteria within FIM. Again, this is completely dependent on the business processes around selecting the domain.
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2009 10:37am

Netbios domain name can be pulled from the LDAP with simple query but if this will have to be determined in synchronization during attribute flow this might be a bit costly operation. Also you can think about bringing into metaverse crossRef objects from configuration partition and then use FindMVEntry to lookup proper partition and read its nETBIOSName attribute but again ... question about the need and cost of such operation. I wrote that just to explore all options :)
August 6th, 2009 12:45am

I quite like the FindMVEntry option. Taking that a step further you could also push the crossRef objects into the FIM store and utilise a WF activity against crossRef objects within the store instead of going out against a DC too. I'm playing with something similar at the moment with OUs...
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2009 6:22pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics