Jump to content

Ambiguous name resolution

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 31.31.236.67 (talk) at 10:48, 6 April 2018 (LDAP ANR). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Ambiguous Name Resolution (ANR) is a feature available in Microsoft's Active Directory which allows resolution of multiple objects on a computer network based on limited input. The user will be able to select the correct entry from these results. To allow this feature to operate, attributes need to be ANR enabled in the directory schema. This is an extension of the Lightweight Directory Access Protocol. When using Microsoft's Outlook or Outlook Web App, partial information can be typed into the To: From: and CC: fields which will result in an ANR query to provide potential matches.[1]

LDAP ANR

The Lightweight Directory Access Protocol LDAP for Active Directory uses default attributes flagged for ambiguous name resolution to filter results of an input query. In Microsoft Active Directory the searchFlags attribute is a bit flag that defines special properties related to searching with the attribute.[2]

In Windows 2000 the following attributes are set by default for ANR:

  • GivenName
  • Surname
  • displayName
  • LegacyExchangeDN
  • msExchMailNickname
  • RDN
  • physicalDeliveryOfficeName
  • proxyAddress
  • sAMAccountName

[3]

Many users with the same name are present in the Active Directory. When Bill White, Bill Whitehead, and Bill Smith all exist, and ANR is enabled, a search for "Bill White" looks like "anr=Bill White". Active Directory will:

  • Notice the "anr" and the embedded space.
  • Check the schema to determine which objects have ANR and SEARCH index bits set.
  • Perform an "or" search for "Bill White*" against the default attributes listed above.
  • Then searches for: Given-Name=Bill* AND Surname=White*

The search results returned with matches for "Bill White" are: Bill White because "Bill White*" matches displayName and Bill Whitehead because "Bill*" AND "White*" matches Given-Name=Bill* AND Surname=White*

But, Bill Smith does not appear because: "Bill*" AND "White*" does not match the Given-Name and Surname of Bill Smith

References

  1. ^ "Harnessing the power of Ambiguous Name Resolution". MSExchange.org.
  2. ^ Allen, Robbie; Hunter, Laura E. (2006). Active directory cookbook : [solutions for administrators & developers ; over 500 recipes, covers SP1, R2, and ADAM] (2. ed.). Sebastopol, Calif. [u.a.]: O'Reilly. ISBN 0-596-10202-X.
  3. ^ "Ambiguous Name Resolution for LDAP in Windows 2000".