Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

server 2003 minimum username length?

Posted on 2011-09-28
8
Medium Priority
?
1,439 Views
Last Modified: 2012-06-27
we usually do first initial and last name for usernames but we have an application that requires at least 6 characters for usernames and some people with short last names end up with active directory accounts that are too short.  so either we add a character or they have mismatching accounts and get confused.  

Is there a way to change it so AD will not accept a username shorter than 6 characters?
0
Comment
Question by:cymrich
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36720435
This isn't an exact answer to your question, but I'd like to ask a couple things from a logistics/scalability point of view.

For users who have let's say 3 letters in their username, how do you plan on filling in the other 3 characters?

How is the application doing authentication?  Does it have it's own user database or does it pull from AD?

If someone answers your specific question, cool, but whether or not your approach is scalable is another issue.  Just because you are able to do something doesn't mean you should ;)

0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36720529
You would have to manipulate the samaccount attribute in the schema and would need a lot of testing.  Not something I've ever tried to do so I won't blow smoke on if it is possible.

I'd just use full first name/last name for those users.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36720643
There is nothing built in to windows to do this
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:cymrich
ID: 36720729
@Papertrip
Most of our users already have names that are 6 characters or longer... I am one of the few exceptions myself, but as an admin it's not confusing to me.  I would have to change my username before the limit change is made.  the application is using a sql database and the powers that be do not want any kind of passthrough authentication.  The request is being made so that when people other than me make accounts they don't accidentally make the AD account too short.  I told them that I was unaware of any way for the username minimum to be altered like that, but a remote admin guy said he had seen it done and that a way exists so I am investigating.  

@mkline71
for most users with short last names that is exactly what we usually do.  Basically they want to make sure that the accounts are created in a uniform manner so on and so forth...

@KCTS
That's what I thought but someone in the meeting I was in said it is possible so now I am tasked with finding out how.  


0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36720758
Basically they want to make sure that the accounts are created in a uniform manner so on and so forth...
Yeah I figured, that is exactly why I posed those questions.

It is very possible that you will hire someone in the future who has a first+last name that is <6 characters, what will be the standard then?

I think the only viable solution to this is to hook the applications user authentication processes into AD, and stick with first initial + last as you have been.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 2000 total points
ID: 36720761
Speaking from experience, managing separate user databases like your bosses are requesting will bite you in the butt eventually.  I guess it kinda already has...
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36761954
The other non native way that I know some people enforce rules is through user provisioning tools.  Quest makes one for example, there are others and some people write their own web pages.  Then when the help desk creates an account they use this other interface (not ADUC) and it enforces rules/policies.


Haven't done that where I am.

Thanks

Mike
0
 

Author Closing Comment

by:cymrich
ID: 37477931
my own first and last names only have 4 letters each so we already made an exception to the rule for me... the powers that be never brought this up again so basically nothing ever happened and we still just add letters if their last name is too short
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question