Found an interesting issue with trying to create the user id "SELF" in
AD from IDM. It turns out that is a "reserved word" in Microsoft AD,
along with a bunch of other words. See the link for kb 909264 under the
"Table of reserved words". The ID worked fine in eDir/IDM.

This is probably rare, and we are probably unlikely to run into it
again, and even if we do, we are more likely to check the list of
reserved words this time around. but since we have the potential for
running into this again.

Question - should we create this list as an exception table and not
create user IDs like this? I'm not sure if that is more work or dealing
with the issue of trying to create a different user ID in case they
collide again in the future.

What would be a best practice/policy?

jcauthorn's Profile:
View this thread: