When synchronizing data from a source system such as HR, you may encounter errors if the source data exceeds the maximum character length of the target attribute in Active Directory. If the source value is too long, Active Directory will reject the update, causing a synchronization error.
The solution is to use the SUBSTRING function within the synchronization template. This function allows you to truncate the source value to ensure it fits within the character limit of the AD attribute.
Common Attribute Lengths
Below is a list of the default maximum character lengths for common Active Directory attributes.
|
Attribute |
Max Length |
|---|---|
|
|
64
|
|
|
64
|
|
|
6
|
|
|
255
|
|
|
128
|
|
|
40
|
|
|
128
|
|
|
1024
|
|
|
64
|
Find the Length of an Attribute Using PowerShell
You can determine the maximum length for any attribute in your AD schema by using the following PowerShell script.
To use the script, save it as a .ps1 save the file and run it from a PowerShell terminal using the attribute's lDAPDisplayName as a parameter. For example: .\Get-ADAttributeLength.ps1 -attributeName "telephoneNumber"
PowerShell
[cite_start]param ([string] $attributeName = $(throw "Specify attribute name")) [cite: 55]
[cite_start]$rootDSE = [ADSI]"LDAP://RootDSE" [cite: 56]
[cite_start]$attribute = [ADSI]"LDAP://CN=$attributeName,$($rootDSE.schemaNamingContext)" [cite: 57]
[cite_start]if ($attribute.rangeUpper -eq $null) { [cite: 58]
[cite_start]"no limit" [cite: 60]
[cite_start]} else { [cite: 61]
[cite_start]$attribute.rangeUpper [cite: 64]
}