F.1 Rules

F.1.1 General

The MPNA is configured through an MPNA Action Block. For procedures on creating an MPNA Action Block, see Creating a Managed Path Naming Attribute Action Block.

  • If you do not configure an explicit MPNA Action Block, a private Action Block applies in which the sAMAccountName is used for user and group collaborative policies.

  • An MPNA Action Block can be linked only to policies that match its type. An MPNA Action Block can be one of the following policy types:

    • User/User Auxiliary

    • Group Collaborative

  • After you link an MPNA Action Block to one or more policies, you cannot change the block's policy type without first removing the policy links.

    The list of available attributes for an MPNA Action Block depend on its associated policy type. The User/User Auxiliary policy type displays only attributes for the User object class. The Group Collaborative policy type displays only attributes for the Group object class.

  • Only single-valued domain-replicated, stored attributes are eligible to be chosen as the MPNA.

  • Multi-valued domain-replicated, stored attributes are not eligible to be chosen as the MPNA. One example is the Description attribute:

    https://msdn.microsoft.com/en-us/library/ms675492(v=vs.85).aspx

  • Constructed and non-replicated attributes are not eligible to be chosen as the MPNA. See Attributes:

    https://msdn.microsoft.com/en-us/library/ms675155(v=vs.85).aspx

    • A constructed attribute has values that are computed from normal attributes for read, or affects the values of normal attributes for writes. For example, canonicalName and allowedAttributes are non-stored, constructed attributes.

    • Non-replicated attributes are stored on each domain controller, but are not replicated. For example, badPwdCount, Last-Logon, and Last-Logoff are non-replicated attributes.

  • MPNA does not support auxiliary classes and their attributes.

F.1.2 Groom and Vault Paths

A Groom or Vault path follows the MPNA for the policy's managed path. For example, if Policy 1’s MPNA is the employeeNumber attribute, the attribute's value is used in the managed path and in the path for a Groom or Vault action.

  • Policy 1 Managed Path for user Keith whose employeeNumber attribute is “123456789”: \\Server1\Share1\Users\123456789

  • Policy 1 Vault or Groom Path for user Keith whose employeeNumber attribute is “123456789”: \\Server9\Vault\Users\123456789