Active Directory: Karakterbeperkingen voor attributen
When synchronizing data from a source system like HR, you may encounter errors if the source data exceeds the maximum character length of the target attribute in Active Directory. If the source value is too long, Active Directory will reject the update, causing a synchronization error.
The solution is to use the SUBSTRING function within the synchronization template. This function allows you to truncate the source value to ensure it fits within the allowed character limit of the AD attribute.
Common Attribute Lengths
Below is a reference list of the default maximum character lengths for common Active Directory attributes.
Attribuut | Max Length |
|---|---|
| 64 |
| 64 |
| 6 |
| 255 |
| 128 |
| 40 |
| 128 |
| 1024 |
| 64 |
Find Attribute Length with PowerShell
You can find the maximum length for any attribute in your AD schema by using the following PowerShell script.
To use the script, save it as a .ps1 file and run it from a PowerShell terminal with the attribute's lDAPDisplayName as a parameter. For example: .\Get-ADAttributeLength.ps1 -attributeName "telephoneNumber"
PowerShell[cite_start]param ([string] $attributeName = $(throw "Specify attribute name")) [cite: 55]
[cite_start]$rootDSE = [ADSI]"LDAP://RootDSE" [cite: 56]
[cite_start]$attribute = [ADSI]"LDAP://CN=$attributeName,$($rootDSE.schemaNamingContext)" [cite: 57]
[cite_start]if ($attribute.rangeUpper -eq $null) { [cite: 58]
[cite_start]"no limit" [cite: 60]
[cite_start]} else { [cite: 61]
[cite_start]$attribute.rangeUpper [cite: 64]
}