Active Directory and sAMAccountNames

Internally, Active Directory (AD) uses several naming schemes for a given object. In the case of a User, two fields are of particular relevance: sAMAccountName (SAM-Account) and userPrincipalName (UPN).

sAMAccountNames

  • Logon names maintained for backwards compatibility with pre-NT4 clients
  • Format: domainname\username
  • Limited to 20 characters

UPNs

  • Logon names formatted as email addresses. Note: the UPN's domain doesn't always match the user's location domain
  • Format: username@domainname.com
  • No character limit

Current Limitations

Authentication / Auto-Import - Allows up to 20 characters (sAMAccountName)

The component that Pleasant Password Server (PPS) uses for Auto-Import searches by sAMAccountName, not by UPN. This means that PPS will be unable to find users who have long usernames, regardless of whether they exist.

Work-Around: Some customers have found a work-around by using the Directory alias ('@alias') as a suffix, for example, username@alias

Manual Importing - Allows 20 or more characters (sAMAccountName/UPN)

  • The Import Users and Import Groups pages will bind and allow manual importing of usernames that are 20 or more characters long

How do I find sAMAccountNames?

With Active Directory Users and Computers open:

  • Click View > Advanced Features
  • Open the properties of an object > Attribute Editor tab > Scroll down to sAMAccountName
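
To compare the two attributes for many accounts at once instead of opening each object, the following PowerShell sketch flags accounts whose UPN prefix is longer than the 20-character sAMAccountName limit or differs from the sAMAccountName. It is an added example, not part of the Pleasant Password Server documentation; the function name `Get-LogonNameReport` and the `example.com` accounts are assumptions made for illustration.

```powershell
# Added example. The accounts below are constructed sample data so the script
# runs without a domain; for a live directory, replace $users with:
#   $users = Get-ADUser -Filter * -Properties UserPrincipalName
# (Get-ADUser comes from the ActiveDirectory module in RSAT.)

$SamLimit = 20   # sAMAccountName length limit described above

$users = @(
    [pscustomobject]@{ SamAccountName    = 'jsmith'
                       UserPrincipalName = 'jsmith@example.com' }
    [pscustomobject]@{ SamAccountName    = 'alexandria.montgomer'   # cut at 20 chars
                       UserPrincipalName = 'alexandria.montgomery-hughes@example.com' }
    [pscustomobject]@{ SamAccountName    = 'svc-backup'
                       UserPrincipalName = $null }
)

# Hypothetical helper: one report row per account
function Get-LogonNameReport {
    param([Parameter(Mandatory)] [object[]] $Users)

    foreach ($u in $Users) {
        # UPN prefix = the part before the first '@'; empty when no UPN is set
        $prefix = if ($u.UserPrincipalName) {
            ($u.UserPrincipalName -split '@', 2)[0]
        } else { '' }

        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            UpnPrefix       = $prefix
            UpnPrefixLength = $prefix.Length
            # A prefix this long can never equal a sAMAccountName
            ExceedsSamLimit = $prefix.Length -gt $SamLimit
            # The logon name differs depending on which attribute is searched
            PrefixDiffers   = ($prefix -ne '') -and ($prefix -ne $u.SamAccountName)
        }
    }
}

# Show only the accounts where a search by sAMAccountName and a search by
# UPN prefix would not agree
Get-LogonNameReport -Users $users |
    Where-Object { $_.ExceedsSamLimit -or $_.PrefixDiffers } |
    Format-Table -AutoSize
```

With the sample data, only the second account is listed: its UPN prefix is 28 characters long, while its sAMAccountName stops at 20.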
