Characters disallowed for distinguished names

Certain characters are treated differently by the different user registries. In general, we can use special characters within a distinguished name (DN). However, certain special characters require an additional escape character. The following special characters must be escaped when used in a distinguished name:

• Comma (,)
• Plus sign (+)
• Semicolon (;)

Because of differences in registries and command shell processors, avoid the backward slash (\) character in distinguished names.

• Characters disallowed for Microsoft Active Directory distinguished names
  If Microsoft Active Directory is the user registry, certain special characters are not allowed in a distinguished name (DN). However, if the character is preceded by an additional escape character or is encoded in hexadecimal, then, it is allowed in a DN.

Parent topic: Password limitations and characters allowed in object names