{"id":128,"date":"2008-07-11T14:05:58","date_gmt":"2008-07-11T14:05:58","guid":{"rendered":"https:\/\/www.wapshere.com\/missmiis\/?p=128"},"modified":"2009-04-05T07:51:31","modified_gmt":"2009-04-05T07:51:31","slug":"string-to-relational-dn-export-flows","status":"publish","type":"post","link":"https:\/\/www.wapshere.com\/missmiis\/string-to-relational-dn-export-flows","title":{"rendered":"String to relational DN export flows"},"content":{"rendered":"

Thanks to Joe Stepongzi<\/a>\u00c2\u00a0for pointing this one out to me:\u00c2\u00a0you can flow a metaverse string<\/strong> attribute direct to a connector space relational DN<\/strong> attribute, as long as the metaverse string holds a valid\u00c2\u00a0DN.<\/p>\n

<\/p>\n

This is particularly useful in group population.\u00c2\u00a0My usual\u00c2\u00a0method<\/a> uses relational DN attributes the whole way through, from importing CS to metaverse to exporting CS. To construct the rDNs, each CS must hold objects representing every possible group member.\u00c2\u00a0Get a\u00c2\u00a0few groups with 10,000+ members, and you may\u00c2\u00a0soon have hundreds of thousands of objects in your CS … and I won’t need to tell you what that does to your sync times and your transaction log.<\/p>\n

So, it turns out, you can at least reduce the pain for one half of the equation.<\/p>\n\n\n\n\n
Importing CS<\/strong><\/td>\n\u00c2\u00a0<\/td>\nMetaverse<\/strong><\/td>\n\u00c2\u00a0<\/td>\nExporting CS<\/strong><\/td>\n<\/tr>\n
String attribute<\/td>\n\u00e2\u2020\u2019<\/td>\nString attribute<\/td>\n\u00e2\u2020\u2019<\/td>\nrDN attribute<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Now the big hurdle here is that\u00c2\u00a0you need to\u00c2\u00a0get hold of\u00c2\u00a0those DN strings in the first place, and have confidence that they are correct. I overcome with another SQL MA that exports the DN to a table. I then have some SQL trickery going on in the background to generate a table of member lists with the ready-made DNs.<\/p>\n

This has been particularly useful in a multi-forest implementation where I needed to populate some groups with Foreign Security Objects from another forest. The FSO takes the form of a DN which I constructed from the foreign SSID, and then by using this method I was able to\u00c2\u00a0put them into groups.<\/p>\n

Now according to Joe there is another half to this equation where you can also effectively output a group composed of string DN members to AD – however you can’t use the native AD MA, you have to use an XMA and LDIF files. This method has several notable benefits:<\/p>\n