I see a really big problem with that setup. :-P
It *should* be possible to change the LDAP schema to anything you want (subject to what various programs expect, of course: you can't get rid of some field that the login thingy uses, for instance). Whether MS *lets* you is a separate question entirely, and one which I don't have an answer to (having never tried this particular change).
I'm also unsure what happens in their LDAP setup when constraints change -- but if you have existing objects whose attributes do *not* match the new constraints, expect trouble somewhere. Fix them *first*, not second.
Also, unless you're using some non-AD-provided UI to create users, I foresee problems with this idea when a new user is created. They're created (IIRC) with the manager field blank and no way to change it, and the UI (at least) does not force the admin to put anything into the description field. This is going to cause grief (*possibly* even inability to create any new users). Of course, if you use some other interface (including something you've written that uses ADSI), you might be able to get away with this part.
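An added example, not part of the reply above, of the "fix existing objects first" check it recommends. It assumes the attributes being made mandatory are `manager` and `description` (the two the reply mentions), that the ActiveDirectory PowerShell module is installed, and that the account running it has read access to the user container. It only reads; it reports the users that would violate the new constraint so they can be corrected before the schema change, and it writes a CSV for the follow-up work. The search base is a placeholder.

```powershell
# Audit users that would violate a schema change making 'manager' and
# 'description' mandatory. Read-only: nothing is modified here.
Import-Module ActiveDirectory

# Placeholder search base; replace with the real container or domain DN.
$SearchBase = 'OU=Users,DC=example,DC=invalid'

# LDAP filter: user objects where manager is absent OR description is absent.
# (!(attr=*)) matches objects that have no value for that attribute.
$Filter = '(&(objectCategory=person)(objectClass=user)(|(!(manager=*))(!(description=*))))'

$Offenders = Get-ADUser -LDAPFilter $Filter `
                        -SearchBase $SearchBase `
                        -Properties manager, description |
    Select-Object SamAccountName,
                  DistinguishedName,
                  @{ Name = 'MissingManager';     Expression = { -not $_.manager } },
                  @{ Name = 'MissingDescription'; Expression = { -not $_.description } }

# Summary for the operator, then a CSV to drive the clean-up.
"Users missing manager:     {0}" -f ($Offenders | Where-Object MissingManager).Count
"Users missing description: {0}" -f ($Offenders | Where-Object MissingDescription).Count

$Offenders | Export-Csv -Path '.\mandatory-attr-audit.csv' -NoTypeInformation
```

Run this before touching the schema; if it returns any rows, the constraint will already be violated by existing objects, which is the "expect trouble somewhere" case the reply warns about. Re-run it afterwards as a periodic check, since the reply also notes that the standard user-creation UI does not fill either field.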