Presentation by Richard Mueller, Microsoft MVP in Directory Services, during day 2 of the International TechNet Wiki Summit 2015, held March 18, 2015, at 18:30 UTC.

Leading spaces in Relative Distinguished Names should be rare in Active Directory, but objects with such names are difficult to find and work with. This session describes the following TechNet Wiki article that deals with this issue:

Active Directory: Leading Spaces in Names

The presentation describes how the idea for this article arose, how the subject was researched, and the features employed to make the article more useful.

In brief, there should be no reason to have leading spaces in AD names. This most likely happened by mistake. Some such objects cannot be added to groups or made the manager of a user. The best workaround is to remove the leading spaces. The following two filters can be used to find all such objects in Active Directory so you can remove leading spaces:

An LDAP syntax filter can be used with the dsquery command line tool, the ldp utility, VBScript, PowerShell V1, or PowerShell V2 (using the LDAPFilter parameter):

"(Name=\20*)"

A PowerShell extended syntax filter can be used with the PowerShell (V2 and above) AD module cmdlets, like Get-ADObject:

{Name -Like "\20*"}

The Name attribute is the Relative Distinguished Name, so the query will return all objects (not just users) with this problem. The "\" character is the AD escape character. "20" is the ASCII hexadecimal encoding for the space character. "*" is the wildcard character. So these filters find all objects where the RDN begins with the space character, followed by anything.
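The following is an added example, not code from the presentation or the wiki article: it runs the LDAP filter above with Get-ADObject, checks whether the trimmed name is already taken in the same container, and previews each rename with -WhatIf. The helper name ConvertTo-LdapFilterValue is hypothetical, and the script assumes the ActiveDirectory module is installed and the account can read and rename the objects.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and rights to read and rename objects.
Import-Module ActiveDirectory

# Hypothetical helper: escape a string for use as a value inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($ch) -ge 0 -or [int]$ch -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$ch)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString()
}

# The LDAP filter from the article: every object whose RDN starts with a space.
$found = @(Get-ADObject -LDAPFilter '(Name=\20*)')
Write-Host "Objects with a leading space in Name: $($found.Count)"

foreach ($obj in $found) {
    $newName = $obj.Name.TrimStart(' ')
    if (-not $newName) {
        Write-Warning "Skipping $($obj.DistinguishedName): name is only spaces"
        continue
    }

    # Parent container = DN minus its first RDN (up to the first unescaped comma).
    $parent = $obj.DistinguishedName -replace '^(?:\\.|[^,\\])+,', ''

    # A rename fails if a sibling already uses the trimmed name, so check first.
    # The object itself is excluded in case the match ignores the leading space.
    $filter = "(Name=$(ConvertTo-LdapFilterValue $newName))"
    $clash = Get-ADObject -SearchBase $parent -SearchScope OneLevel -LDAPFilter $filter |
        Where-Object { $_.ObjectGUID -ne $obj.ObjectGUID }
    if ($clash) {
        Write-Warning "Skipping '$($obj.Name)': '$newName' already exists in $parent"
        continue
    }

    # -WhatIf only reports the rename; remove it to apply the change.
    Rename-ADObject -Identity $obj -NewName $newName -WhatIf
}
```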

 

Download the PowerPoint slides linked above to view the slides used during the presentation.

See Also

TechNet Wiki: International Summit 2015