The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

An RDN is an attribute with an associated value in the form attribute=value; normally expressed in a UTF-8 string format. The following table lists typical RDN attribute types.

The following are examples of distinguished names.

 CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM

 CN=Karen Berge,CN=admin,DC=corp,DC=Fabrikam,DC=COM

The following table lists reserved characters that cannot be used in an attribute value.

If a reserved character is part of an attribute value, it must be escaped by prefixing it with a backslash (\) in the attribute string. If an attribute value contains other reserved characters, such as the equals sign (=) or non-UTF-8 characters, it must be encoded in hexadecimal by replacing the character with a backslash followed by two hex digits.

The following are examples of some distinguished names that include escaped characters. The first example is an organizational unit name with an embedded comma; the second example is a value containing a carriage return.

 CN=Litware,OU=Docs\, Adatum,DC=Fabrikam,DC=COM

 CN=Before\0DAfter,OU=Test,DC=North America,DC=Fabrikam,DC=COM

LDAP ADsPath

For more information about using distinguished names via the ADSI LDAP provider, see LDAP ADsPath.

See Also

RFC 2253

Send comments about this topic to Microsoft

Build date: 11/1/2007