Ambiguous name resolution explained

Ambiguous Name Resolution (ANR) is a feature available in Microsoft's Active Directory which allows resolution of multiple objects on a computer network based on limited input. The user will be able to select the correct entry from these results. To allow this feature to operate, attributes need to be ANR enabled in the directory schema. This is an extension of the Lightweight Directory Access Protocol. When using Microsoft's Outlook or Outlook Web App, partial information can be typed into the To: From: and CC: fields which will result in an ANR query to provide potential matches.[1]

LDAP ANR

The Lightweight Directory Access Protocol LDAP for Active Directory uses default attributes flagged for ambiguous name resolution to filter results of an input query. In Microsoft Active Directory the searchFlags attribute is a bit flag that defines special properties related to searching with the attribute.[2]

In Windows 2000 the following attributes are set by default for ANR:

[3]

Example ANR Search

Many users with the same name are present in the Active Directory. When Bill White, Bill Whitehead, and Bill Smith all exist, and ANR is enabled, a search for "Bill White" looks like "anr=Bill White".Active Directory will:

The search results returned with matches for "Bill White" are:Bill White because "Bill White*" matches displayName and Bill Whitehead because "Bill*" AND "White*" matches Given-Name=Bill* AND Surname=White*

But, Bill Smith does not appear because: "Bill*" AND "White*" does not match the Given-Name and Surname of Bill Smith

External links

Notes and References

  1. Web site: Harnessing the power of Ambiguous Name Resolution. MSExchange.org.
  2. Book: Allen, Robbie. Active directory cookbook : [solutions for administrators & developers; over 500 recipes, covers SP1, R2, and ADAM]. 2006. O'Reilly. Sebastopol, Calif. [u.a.]. 0-596-10202-X. 2.. Hunter, Laura E..
  3. Web site: Ambiguous Name Resolution for LDAP in Windows 2000.