User, group, and computer objects are called security principals of the domain, and each object in the domain must have a unique name across the domain. Ensure the following:
Objects are unique across the DSfW domain.
Objects have single-valued CN attribute.
User objects do not have a value assigned to the uniqueID attribute before DSfW is configured.
Any workstation joining the domain has a unique and non-ambiguous network name.
User accounts with the same CN value in different eDirectory containers and part of the same DSfW domain results in duplicate DSfW user accounts. User accounts with duplicate names must be rectified before deploying the DSfW domain. To ensure uniqueness for objects in your tree, use tools such as the DSReport and iManager unique naming plugin.
Follow the guidelines below to prevent duplicate workstation names in your DSfW environment:
Enable WINS on one domain controller for every forest, preferably the first domain controller in the tree.
Configure WINS on the workstations before joining them to the domain (for example, using DHCP).
Enable intruder lockout settings at the domain level.