Solved

AD naming convention issue

Posted on 2003-10-23
5
656 Views
Last Modified: 2008-05-30
example:

firstname.lastname (as a login will work as long as it is less than 20 characters and matches the pre win2k name)
firstname.lastname @ mysite.com (will work regardless of the length of the users name, even if the pre-win2k name is truncated like so: firstname.lastnam)

it seems we are running into a 20 character limit because of the user logon name (pre-windows 2000) and this is a feature according to microsoft (with no fix since this is a feature).

so #1, is there a way to append the @mysite.com automatically? or 2, make a change so that it does not default to the pre win2k name? the reason this is needed as we are not going to change our naming convention for this and we are not going to have our users shorten their names (all names and logins are based on full legal names EX: someone named jim robbins full name is james robbins so his login would be james.robbins@mysite.com, not what he would be informally known as, in this case jim robbins)

i don't know much about this (active directory) but i am researching this to learn more and to fix an issue we are having with several users.

thanks for the help.
0
Comment
Question by:r0guenj
5 Comments
 
LVL 13

Expert Comment

by:ocon827679
ID: 9608049
I think your problem is due to using older operating systems on your client.  On W2K Pro and later, this shouldn't be an issue since you are using the SMTP name of the user to login. Since you have AD, you have a domain that is represented by a DNS naming convention.  The domain name, mysite.com, is automatically appended to the login name.  With older OS's you are stuck with the NetBIOS naming convention and older "NT rules."  This is done to maintain compatiblity.
0
 

Expert Comment

by:BrandonPComer
ID: 9609283
This is correct about the older naming convention.

Larger AD implementations that I have worked on, typically formulate short names with (first 5 letters of last name)(first initial)(middle inital). You can set this in the AD properties as the "Name", and then use the longer login name for the "User Principal Name" value. So, Brandon P. Comer would be name =  comerbp and User Principal Name Brandon.Comer@mydomain.com. Then both of these login names could be used depending on what client they are using. You can just tell NT4 clients, that they have the truncated name, and they can use the full name as soon as they are upgraded. That way your AD can stay consistent, and users can still use legacy clients. Plus, if a user needs to get on a W2k client and only remembers the truncated logon, it works as well. AD only really cares about the Distinguished name, which is the full LDAP string refernencing the object.

CHeers,

-Brandon Comer
0
 
LVL 1

Expert Comment

by:CycLonE
ID: 9619915
Hi r0guenj,

depending on what you've mentionned, changing your policy toward naming convention would simplify logons and administration for both you as system admin and end-user.
for example,  Jim John Robbins can use : j.robbins as his username or using his middle name: jj.robbins.

however, if you are using AD in mixed/hybrid mode then pre-windows2k users must have their username less or equal to 20 chr.

as for the "@mysite.com", simply add the "mysite.com" to your DNS as suffix and the problem is sovled.
0
 
LVL 1

Accepted Solution

by:
Jagerhill97 earned 125 total points
ID: 9642984
OK to begin with no it does not matter if you are running in a Native mode or Mixed mode environment the username will always truncate at 20 chararacters. A Win2k login will ALWAYS default to the DNS name not the UPN. IT does not append the @domainname.com automatically nor can it be added automatically without a script or registry hack. You can try adding the domain name as an autologin Ie: setting the default login to @domainname.com in the registry instead of an actual username. This is a feature in W2K AD that will not be changed in 2000 or 2003. The limit on the 20 characters is a feature as well. Even though you may not be running in a Native mode environment Microsoft wanted W2K to be backward compatable no matter what. It's pretty stupid since you don't need it won't need that type of compatabilty in a Native mode environment but that's the design. Hope this helps.
0
 

Author Comment

by:r0guenj
ID: 9645927
after researching this issue here and using other resources, jagerhill97 gave the same information that i have been able to find out on my own.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question