ANR is the acronym for Ambiguous Name Resolution. This is an efficient search algorithm in Active Directory that allows you to specify complex filters involving multiple naming-related attributes in a single clause. It can be used to locate objects in Active Directory when you know something about the object, but not necessarily which naming-attribute has the information. ANR is enabled by default in Active Directory. The following naming-related attributes support Ambiguous Name Resolution.
Attribute | Windows 2000 Server | Windows Server 2003 | AD LDS | Windows Server 2003 R2 | Windows Server 2008/2012 |
displayName | X | X | X | X | X |
givenName | X | X | X | X | |
legacyExchangeDN | X | X | X | X | |
msDS-AdditionalSamAccountName | X | X | X | ||
msDS-PhoneticCompanyName | X | ||||
msDS-PhoneticDepartment | X | ||||
msDS-PhoneticDisplayName | X | ||||
msDS-PhoneticFirstName | X | ||||
msDS-PhoneticLastName | X | ||||
msExchMailNickname | X | X | X | X | X |
physicalDeliveryOfficeName | X | X | X | X | X |
proxyAddresses | X | X | X | X | X |
Name | X | X | X | X | X |
sAMAccountName | X | X | X | X | |
sn | X | X | X | X |
AD LDS in the table above refers to Active Directory Lightweight Directory Services (formerly called Active Directory Application Mode, or ADAM). All of the other columns refer to AD DS (Active Directory Directory Services). Note that the "Name" attribute above is the Relative Distinguished Name of the object. For user objects, this is the Common Name, the value of the cn attribute. As an example, suppose you want to find information on someone named "Smith". You can use the filter:
(anr=Smith)
This will return objects where the string "smith" appears at the start of any of the naming attributes listed above. As always, the search is not case sensitive. In other words, Active Directory will convert the filter to the following:
(|(displayName=Smith*)(givenName=Smith*)(legacyExchangeDN=Smith*)(physicalDeliveryOfficeName=Smith*)(proxyAddresses=Smith*)(Name=Smith*)(sAMAccountName=Smith*)(sn=Smith*))
Where "|" is the "OR" operator and "*" is the wildcard character. Better yet, suppose you know the person's name is "Jim Smith". You can use the filter:
(anr=Jim Smith)
Now Active Directory will search for objects where any of the naming attributes matches "Jim Smith*", plus any objects where (givenName=Jim*) and (sn=Smith*), plus any objects where (givenName=Smith*) and (sn=Jim*). The algorithm considers only the first space in the string when breaking it up into two values. For example the filter:
(anr=Jim Smith Williams)
This will query for objects where any of the naming attributes matches
"Jim Smith Williams*", plus objects where
(givenName=Jim*) and (sn=Smith
Williams*), or where (givenName=Smith Williams*) and
(sn=Jim*).
For more documentation on Ambiguous Name Resolution, see these links:
http://support.microsoft.com/default.aspx/kb/243299
http://msdn.microsoft.com/en-us/library/ms675092(VS.85).aspx
http://msdn.microsoft.com/en-us/library/cc223243(PROT.13).aspx