Completed

Review default sAMAccountName rule

Patrick Johannessen 10 years ago in UNIFYBroker/Aurion updated by anonymous 8 years ago 4

Review the default rule:

I have changed the existence check to use an LDAP query straight to AD rather than checking the repository. I've also checked online and confirmed in a local instance that accented characters in AD are normalized and considered equivalent for sAMAccountName. The length of account names needs to be restricted to 20 characters still in the PowerShell script, and the changes need to be tested.

Resolved pending testing

Undesirable characters are not stripped (apostrophes, hyphens, etc.)

According to TechNet, the following statement is made (refer to http://social.technet.microsoft.com/wiki/contents/articles/11216.active-directory-requirements-for-creating-objects.aspx):

The following characters are not allowed in sAMAccountName values:
" [ ] : ; | = + * ? < > / \ ,

This means the undesirable characters listed are either just undesirable or a limitation on account names in Aurion. This could be accommodated, but it is perfectly valid to have apostrophes, spaces and hyphens (i.e. common surname punctuation) in sAMAccountNames.
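
The rule discussed in this thread (remove only the characters TechNet lists as not allowed, restrict the name to 20 characters, check existence with an LDAP query to AD), as an added PowerShell example that is not the UNIFYBroker/Aurion script. The function names, the `-Lookup` stub and the sample values are hypothetical and constructed for illustration.

```powershell
# Added example: function names are hypothetical, not from the UNIFYBroker/Aurion script.

function ConvertTo-SamAccountName {
    param([Parameter(Mandatory)][string]$Candidate, [int]$MaxLength = 20)
    # Remove only the characters listed as not allowed: " [ ] : ; | = + * ? < > / \ ,
    # Apostrophes, spaces and hyphens are valid and are kept.
    $name = ($Candidate -replace '["\[\]:;|=+*?<>/\\,]', '').Trim()
    if ($name.Length -gt $MaxLength) { $name = $name.Substring(0, $MaxLength).Trim() }
    if ($name.Length -eq 0) { throw "No valid characters left in '$Candidate'" }
    return $name
}

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping so the name cannot alter the search filter; backslash goes first.
    $v = $Value -replace '\\', '\5c'
    $v = $v -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    return $v -replace '\x00', '\00'
}

function Test-SamAccountNameInUse {
    param(
        [Parameter(Mandatory)][string]$Name,
        # Default queries AD directly, so AD's own matching of accented characters applies.
        [scriptblock]$Lookup = {
            param($Filter)
            $searcher = New-Object System.DirectoryServices.DirectorySearcher($Filter)
            return ($null -ne $searcher.FindOne())
        }
    )
    $filter = "(sAMAccountName=$(ConvertTo-LdapFilterValue $Name))"
    return (& $Lookup $filter)
}

# Constructed sample data: a stand-in for the directory so the example runs offline.
$existing = @('(sAMAccountName=jsmith)')
$stub = { param($Filter) $existing -contains $Filter }

foreach ($raw in "O'Brien-Smith, Zoë [temp]", 'jsmith', 'a(b)*c') {
    $sam = ConvertTo-SamAccountName $raw
    $inUse = Test-SamAccountNameInUse $sam -Lookup $stub
    "{0} -> {1} (in use: {2})" -f $raw, $sam, $inUse
}
```

Omit `-Lookup` on a domain-joined machine to run the existence check against AD itself.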