Monday, December 30, 2013

Sam-Account-Name limitation

According to Microsoft TechNet, sAMAccountName must be unique domain-wide and is limited to 20 characters for user objects. This character limit cannot be changed because it is controlled by a SAM rule.

When I ran "Help New-ADUser -Full" in PowerShell on Windows Server 2012 or Windows Server 2012 R2, the help for New-ADUser provided the same information about the SamAccountName parameter.


Remark: Make sure the help file has been updated. If not, you cannot see the above information.

Test the uniqueness
Create 2 user accounts with names longer than 20 characters in Active Directory.

1. On a domain controller, log in as Domain Administrator.
2. Launch "Active Directory Users and Computers".
3. Start creating a new user in the Users container.


4. Next to "Full name" and "User logon name", enter "DevelopmentMSSQLSVC01".


"DevelopmentMSSQLSVC01" is longer than 20 characters, so the User logon name (pre-Windows 2000) field, which is the SamAccountName, stops at "0" because "0" is the 20th character of this account name.

5. Click "Next".
6. Enter a password for this account.


7. Click "Next".
8. Click "Finish".
9. Start creating the second user in the Users container.
10. Next to "Full name" and "User logon name", enter "DevelopmentMSSQLSVC02".


The User logon name (pre-Windows 2000) of "DevelopmentMSSQLSVC02" is the same as that of "DevelopmentMSSQLSVC01".

11. Click "Next".


The pop-up window reports that the pre-Windows 2000 logon name, which is the SamAccountName, is already in use, so we have to change it to another one. Because the pre-Windows 2000 logon name of "DevelopmentMSSQLSVC02" is identical, character for character, to that of "DevelopmentMSSQLSVC01", this proves that the SamAccountName must be unique.

12. Click "OK".
13. Click "Cancel".
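The same collision can be caught before any account is created. The following is an added example, not code from the original post: the function name `Test-SamAccountNameCollision` and its parameters are hypothetical, the sample names are constructed from the walkthrough above, and the check runs entirely in memory without querying Active Directory.

```powershell
# Added example (hypothetical helper, not part of the original post).
# Predicts the pre-Windows 2000 logon name for each proposed name and
# flags names that collapse to the same value after truncation.
function Test-SamAccountNameCollision {
    [CmdletBinding()]
    param(
        # Proposed "User logon name" values, as typed into the dialog
        [Parameter(Mandatory = $true)] [string[]] $ProposedName,
        # sAMAccountName values already in use in the domain (optional)
        [string[]] $ExistingSam = @(),
        # 20-character limit for user objects, as stated in the post
        [int] $MaxLength = 20
    )

    # PowerShell hashtable keys are case-insensitive, which matches how
    # sAMAccountName values are compared.
    $taken = @{}
    foreach ($name in $ExistingSam) { $taken[$name] = $true }

    foreach ($name in $ProposedName) {
        $truncated = $name.Length -gt $MaxLength
        $sam = if ($truncated) { $name.Substring(0, $MaxLength) } else { $name }

        # A collision is a truncated or untruncated name already taken
        $collision = $taken.ContainsKey($sam)
        $taken[$sam] = $true

        [pscustomobject]@{
            ProposedName   = $name
            SamAccountName = $sam
            Truncated      = $truncated
            Collision      = $collision
        }
    }
}

# Constructed sample input: the two names from the walkthrough plus a short one
Test-SamAccountNameCollision -ProposedName @(
    'DevelopmentMSSQLSVC01',
    'DevelopmentMSSQLSVC02',
    'DevSQLSVC01'
) | Format-Table -AutoSize
```

Both long names are reported with the SamAccountName "DevelopmentMSSQLSVC0", and the second one is flagged as a collision, which matches the pop-up shown in step 11.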

This posting is provided “AS IS” with no warranties, and confers no rights!
