Review default sAMAccountName rule
Patrick Johannessen 9 years ago in UNIFYBroker/Aurion • updated by anonymous 7 years ago • 4
Review the default rule:
- To ensure characters that should be stripped (possibly hyphens, apostrophes, etc.?) are stripped
I have changed the existence check to use an LDAP query straight to AD rather than checking the repository. I've also checked online and confirmed in a local instance that accented characters in AD are normalized and considered equivalent for sAMAccountName. The length of account names needs to be restricted to 20 characters still in the PowerShell script, and the changes need to be tested.
Resolved pending testing
Undesirable characters are not stripped (apostrophes, hyphens etc)
According to TechNet, the following statement is made (refer to http://social.technet.microsoft.com/wiki/contents/articles/11216.active-directory-requirements-for-creating-objects.aspx):
The following characters are not allowed in sAMAccountName values:
" [ ] : ; | = + * ? < > / \ ,
This means the undesirable characters listed are either just undesirable or a limitation on account names in Aurion. This could be accommodated but it is perfectly valid to have apostrophes, spaces and hyphens (i.e. common surname character punctuation) in sAMAccountNames.
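
One way to implement the rule discussed in this thread, as an added PowerShell example that is not the UNIFYBroker/Aurion script: it drops the characters in the TechNet list, folds accents, caps the length at 20 and escapes the value before it is placed in the LDAP existence-check filter. The function names and the `-StripPunctuation` switch are hypothetical, and the sample name is constructed.

```powershell
function ConvertTo-SamAccountName {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [switch]$StripPunctuation,  # hypothetical: also drop apostrophes, hyphens, spaces
        [int]$MaxLength = 20        # limit stated in the thread
    )
    $disallowed = '"[]:;|=+*?<>/\,'  # list quoted from TechNet above
    $optional   = "'- "
    $sb = New-Object System.Text.StringBuilder
    # FormD splits an accented letter into its base letter plus a combining mark.
    foreach ($c in $Name.Normalize([Text.NormalizationForm]::FormD).ToCharArray()) {
        $category = [Globalization.CharUnicodeInfo]::GetUnicodeCategory($c)
        if ($category -eq [Globalization.UnicodeCategory]::NonSpacingMark) { continue }
        if ($disallowed.IndexOf($c) -ge 0) { continue }
        if ($StripPunctuation -and $optional.IndexOf($c) -ge 0) { continue }
        [void]$sb.Append($c)
    }
    $result = $sb.ToString().Normalize([Text.NormalizationForm]::FormC)
    if ($result.Length -gt $MaxLength) { $result = $result.Substring(0, $MaxLength) }
    $result
}

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    # RFC 4515 escapes; the backslash must be replaced first.
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28')
    $v.Replace(')', '\29').Replace([string][char]0, '\00')
}

# Constructed sample input.
$sam    = ConvertTo-SamAccountName -Name "Seán O'Brien-Smith (Contractor)" -StripPunctuation
$filter = "(sAMAccountName=$(ConvertTo-LdapFilterValue -Value $sam))"
$filter
# Against a domain: ([adsisearcher]$filter).FindOne() returns $null when the name is free.
```

Parentheses are not in the disallowed list, so they survive the stripping step but are still special in an LDAP filter; that is why the value is escaped separately before the existence check.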