![](/s/cache/21/92/2192bdaa5cc1ed11af11f2653ef995b5.png)
UNIFYBroker/AD & dn field type
I have configured my UNIFYBroker/AD connector to use objectGUID as the key, so I can modify the "dn" attribute to move users between AD OUs. I configured my "dn" attribute as a "Distinguished Name (DN)" type in the AD connector and I generate an appropriate value for the field in a PowerShell Link Task. But when I attempt to sync to the AD adapter I see this error:
It looks to me like the UNIFYBroker/AD connector code needs me to configure the "dn" attribute as a String type. Is that correct? I'd prefer to have it configured as a Distinguished Name (DN), because that is what it is in AD and I want to use it elsewhere as a Distinguished Name (DN) data type (e.g. when I join to it for use on another user's "manager" attribute).
Answer
![](/s/cache/7d/53/7d53b04c16d6ef66897d1a534be84eba.png)
Hey Adrian,
Unfortunately that's correct - the AD connector expects the DN field to be a string value type.
This is because the underlying Microsoft library used for integration requires the DN to be a string value, so we enforce that value type further up the chain to ensure we don't cause any strange behaviour doing the conversion ourselves.
![](/s/cache/21/92/2192bdaa5cc1ed11af11f2653ef995b5.png)
Is that true for "manager" as well? If manager and dn are different types, that means a PowerShell transformation will always be required after the join from a user to their manager's user object. It would be nice to have a cleaner approach than that.
Customer support service by UserEcho
Hey Adrian,
Unfortunately that's correct - the AD connector expects the DN field to be a string value type.
This is because the underlying Microsoft library used for integration requires the DN to be a string value, so we enforce that value type further up the chain to ensure we don't cause any strange behaviour doing the conversion ourselves.