2.2.1.1 Distinguished Names for Objects

Address book distinguished names (ABDNs) are used to uniquely identify objects in the address book. Throughout the rest of this specification, the term distinguished name (DN) is used to refer to an address book DN. Each Address Book object MUST have a unique DN value, expressed as a NULL-terminated ASCII string. The DN is stored in the PidTagEmailAddress property (section 2.2.3.14). The DN is also embedded in the Distinguished Name field of the PermanentEntryID structure, as specified in [MS-NSPI] and [MS-OXNSPI] section 2.2.9.3.<4> DNs are structured as shown in the following Augmented Backus-Naur Form (ABNF) definition, as specified in [RFC5234].

 dn                = organization-dn /
                     addresslist-dn /
                     x500-dn
 organization-dn   = org-rdn
 addresslist-dn    = "/guid=" container-guid /
                     gal-addrlist-dn
 container-guid    = 32(HEXDIG)
 gal-addrlist-dn   = "/"
 x500-dn           = x500-container-dn object-rdn
                     ; x500-dns are limited to 16 levels
 x500-container-dn = org-rdn org-unit-rdn 0*13(container-rdn)
 org-rdn           = "/o=" rdn
 org-unit-rdn      = "/ou=" rdn
 container-rdn     = "/cn=" rdn
 object-rdn        = "/cn=" rdn
 rdn               = ( non-space-teletex ) /
                     ( non-space-teletex *62(teletex-char)
                       non-space-teletex )
                     ; rdn values are limited to 64 characters
                     ; the number of rdns is limited to 16 but the
                     ; total cumulative length of rdn characters in
                     ; an x500-dn is limited to 256.
 teletex-char      = SP / non-space-teletex
 non-space-teletex = "!" / DQUOTE / "%" / "&" / "\" / "(" / ")" /
                     "*" / "+" / "," / "-" / "." / "0" / "1" /
                     "2" / "3" / "4" / "5" / "6" / "7" / "8" /
                     "9" / ":" / "<" / "=" / ">" / "?" / "@" /
                     "A" / "B" / "C" / "D" / "E" / "F" / "G" /
                     "H" / "I" / "J" / "K" / "L" / "M" / "N" /
                     "O" / "P" / "Q" / "R" / "S" / "T" / "U" /
                     "V" / "W" / "X" / "Y" / "Z" / "[" / "]" /
                     "_" / "a" / "b" / "c" / "d" / "e" / "f" /
                     "g" / "h" / "i" / "j" / "k" / "l" / "m" /
                     "n" / "o" / "p" / "q" / "r" / "s" / "t" /
                     "u" / "v" / "w" / "x" / "y" / "z" / "|"

DNs for specific objects have a strict format, as shown in the following table.

| Object type | DN format | Notes |
|---|---|---|
| Address book container | addresslist-dn | |
| Global Address List container | gal-addrlist-dn | |
| Mail user | x500-dn | The org-rdn string is the mail user's organization. |
| Organization | organization-dn | |
| Store | x500-dn | The x500-container-dn is the mailbox server. |
| Mailbox server | x500-dn | The relative distinguished name (RDN) in the object-rdn is the name of the mailbox server. |
| Room container reference | x500-dn with no container-rdn | The RDN of the object-rdn matches the container-guid of the address book container. |
| All other Address Book objects | dn | |
When the DN of an Address Book object that is obtained from an NSPI server matches the DN of an Address Book object that is obtained from an OAB, the objects represent the same entity. The OAB SHOULD<5> include additional properties not available on the NSPI server. Properties SHOULD have the same value when present on both data sources. One exception to having the same value on both data sources is if the properties are truncated in the OAB, according to the limitations specified in [MS-OXOAB] section 2.9.2.2.1. Another exception is if the value on an NSPI server has changed since the OAB was created, or if the NSPI server was restored from a backup after the OAB was created. In such a case, the NSPI server and the OAB are said to be "out of sync". That is, the data in the two sources reflects two different time periods.