Constraint Violation with Orchestration when creating an account - the manager attribute has a backslash \ character in the DN.

I feel like Neo in the Matrix dodging bullets as they are fired at me. I have been working on an issue with a customer that had me perplexed for some time. Thank you Alex Yupanqui and Jimmy Yuan for your help on this.

Allow me to save you some time.

Here is the use case. Using Orchestration you use the "Create AD Account" activity in a workflow and you set the manager attribute to the distinguished name of a manager. The DN looks something like this: CN=Maloy\, Chris,OU=SNOW,DC=SNOW. When you set the manager attribute to manager='CN=Maloy\, Chris,OU=SNOW,DC=SNOW' you get a "Constraint Violation" when trying to create this account.

AD uses the backslash all over the place, to escape special characters in their database:
http://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx

If you want this to work in your workflow you have to use 4 (YES FOUR) backslashes to escape the backslash/comma correctly.

Your user data should look something like this when using the manager attribute (I hardcoded the manager on purpose so you could see the string):

workflow.scratchpad.ou = 'cn=Users';
var user = {};
user.givenName = '' + current.u_requested_for.first_name;
user.SN = '' + current.u_requested_for.last_name;
user.manager = 'CN=Maloy\\\\, Chris,OU=SNOW,DC=SNOW';
workflow.scratchpad.userdata = new JSON().encode(user);

That backslash has to be escaped in 2 context (Powershell and JS).

Please note - you can get a constraint violation for referencing a manager that doesn't exist in the context you specified as well. These are the two cases I have seen it throw that error.

Good luck all.