Active_Directory [SOLVED]: Are semicolons WITH spaces allowed as a delimiter for an Active Directory DirectoryString attribute value?

Active_Directory [SOLVED]: Are semicolons WITH spaces allowed as a delimiter for an Active Directory DirectoryString attribute value?

Home Forums Active Directory Active_Directory [SOLVED]: Are semicolons WITH spaces allowed as a delimiter for an Active Directory DirectoryString attribute value?

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #36440

    Anonymous

    QuestionQuestion

    I have a third-party web app that is running a LDAP query to find if a user’s email address exists in AD. The query looks like this:

    (&(objectClass=user)(proxyAddresses=SMTP:foouser@example.co.uk)) 
    

    My proxyAddresses attribute value in AD looks like this:

    X500:/o=foo/ou=foo Group (ABC123)/cn=Foo3/cn=foouser (blah)123; SIP:foouser@example.co.uk; smtp:foouser@sub1.example.co.uk; smtp:foouser@sub2.example.co.uk; SMTP:foouser@example.co.uk
    

    The web app is getting empty results back. I see a similar result when I check with AD Explorer. Also, when I look at the raw output in AD Explorer, it puts the entire attribute value on a single line instead of showing each SMTP and X500 entry on a separate line.

    All of this makes me think that the value may not be delimited properly.

    When I compared the attribute with another environment, the other environment didn’t have spaces between the values.

    For example… mine:

    X500:/o=foo/ou=foo Group (ABC123)/cn=Foo3/cn=foouser (blah)123; SIP:foouser@example.co.uk; smtp:foouser@sub1.example.co.uk; smtp:foouser@sub2.example.co.uk; SMTP:foouser@example.co.uk
    

    The other environment:

    X500:/o=foo/ou=foo Group (ABC123)/cn=Foo3/cn=foouser (blah)123;SIP:foouser@example.co.uk;smtp:foouser@sub1.example.co.uk;smtp:foouser@sub2.example.co.uk;SMTP:foouser@example.co.uk
    

    So my question is:

    Are semicolons WITH spaces allowed as a delimiter for an Active Directory DirectoryString attribute value?

    #36441

    Anonymous

    Accepted AnswerAnswer

    From a query point of view, the delimiter is really just a cosmetic display option for presenting the data. Different tools will display the multiple values in different ways. Make sure you are using the same version of the same tool in both environments.

    The attributes tab in DSA.MSC uses semi colons with spaces, but open that attribute to edit with DSA and you get a list with each attribute on a new line. Some other methods you can you to query and display: CSVDE will generate a file that uses semi colons. Get-Aduser will use “, ” in the general query, but then use newlines when you expand the attribute.

    csvde -r "(samaccountname=roadRunner)" -f this.csv -l proxyaddresses
    get-aduser -ldapfilter "(samaccountname=roadRunner)" -prop proxyaddresses
    (get-aduser -ldapfilter "(samaccountname=roadRunner)" -prop proxyaddresses).proxyaddresses
    

    Is the user found when you run the same query with? get-aduser -ldapfilter "(&(objectClass=user)(proxyAddresses=SMTP:foouser@example.co.uk))"

    Source: https://serverfault.com/questions/887553/are-semicolons-with-spaces-allowed-as-a-delimiter-for-an-active-directory-direct
    Author: Clayton
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.