FIM Troubleshooting: ADLDS MA - DN is not valid

Problem Statement

In writing some provisioning code in a metaverse extension, you can come across a problem while attempting to create the DN for an Active Directory Lightweight Directory Services (AD LDS) Management Agent. 

Debugging the code shows a "DN <name of DN> is not valid" message

 

Error message

Microsoft.MetadirectoryServices.InvalidDNException was caught

Message=DN "CN=LastName, FirstName,ou=users,dc=devdomain,dc=local" is not valid.

Source=mmsscpth

MAName=ADLDS

StackTrace:

at Microsoft.MetadirectoryServices.Impl.ScriptHost.TransformDNToStoreForm(ManagementAgent pMA, String pstrDN)

at Microsoft.MetadirectoryServices.Impl.ManagementAgentImpl.CreateDN(String dn)

at Microsoft.MetadirectoryServices.Impl.ConnectedMAImpl.CreateDN(String dn)

at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry) in C:\Provisioning Code\MVExtension\MVExtension.cs:line 89

InnerException: 

 

GOAL

 Here is what we want the DN to look like

CN=LastName, FirstName, OU=Users, DC=devdomain, DC=local

 

CODE

string rdn = "CN=" + mventry["CN"].Value.ToString();

string container = "ou=users,dc=dev,dc=local";

dn = ManagementAgent.CreateDN(rdn + "," + container);

 

Resolution

We had to escape the "," that was in the CN.  In Visual C#, you will need to escape the escape character.  You can do this in one of two ways.

1. rdn = rdn.Replace(",", "\,")  or 
2. rdn = rdn.Replace(",", @"\\")

Once we updated the code and then re-compiled, the error message went away.

 

See also

• Current Forefront Identity Manager Resources:
• Current Certificate Lifecycle Manager Resources:
• Current GalSync Resources
• Current PCNS – Password Synchronization Resources
• Extension-DLL-Exception Resources: 
• Characters That Must Be Escaped in Active Directory