Jane Lewis's Weblog

Platforms, Active Directory,Administration, Management,Women in Technology, Random Thoughts

Unravelling Cnf

Unravelling Cnf

  • Comments 1
  • Likes

What are CNF Objects and what are they indicative of.

Cnf objects are created by the Active Directory detected a "conflict". As you are probably aware the Active Directory is a multi-master environment. Therefore if two Administrators in different parts of the active directory create an object in the same container with the same name then a conflict will occur. This conflict is demonstrated by the presence of a CNF object. For example, object Bart is renamed to be *CNF:guid, where "*" represents a reserved character, "CNF" is a constant that indicates a conflict resolution, and "guid" represents a printable representation of the objectGuid attribute value.

RDN*CNF:<object GUID>

This will cause an event ID 12292 to be logged in the system event log on the domain controller. You must clean up Active Directory to resolve this error. The choice for cleaning up is to usually delete the "older" object which is usually the one prefixed by the RDN*CNF value.

Comments
  • The "reserved" character mentioned above is "\0A", which is the line feed character (escaped by the \ character and represented in hexadecimal). If the value of Name (the RDN of the object) is output in a script, this results in the original RDN on one line, followed by CNF:<GUID> on the next line.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment