Solved

server 2003 minimum username length?

Posted on 2011-09-28
8
1,311 Views
Last Modified: 2012-06-27
we usually do first initial and last name for usernames but we have an application that requires at least 6 characters for usernames and some people with short last names end up with active directory accounts that are too short.  so either we add a character or they have mismatching accounts and get confused.  

Is there a way to change it so AD will not accept a username shorter than 6 characters?
0
Comment
Question by:cymrich
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36720435
This isn't an exact answer to your question, but I'd like to ask a couple things from a logistics/scalability point of view.

For users who have let's say 3 letters in their username, how do you plan on filling in the other 3 characters?

How is the application doing authentication?  Does it have it's own user database or does it pull from AD?

If someone answers your specific question, cool, but whether or not your approach is scalable is another issue.  Just because you are able to do something doesn't mean you should ;)

0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36720529
You would have to manipulate the samaccount attribute in the schema and would need a lot of testing.  Not something I've ever tried to do so I won't blow smoke on if it is possible.

I'd just use full first name/last name for those users.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36720643
There is nothing built in to windows to do this
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:cymrich
ID: 36720729
@Papertrip
Most of our users already have names that are 6 characters or longer... I am one of the few exceptions myself, but as an admin it's not confusing to me.  I would have to change my username before the limit change is made.  the application is using a sql database and the powers that be do not want any kind of passthrough authentication.  The request is being made so that when people other than me make accounts they don't accidentally make the AD account too short.  I told them that I was unaware of any way for the username minimum to be altered like that, but a remote admin guy said he had seen it done and that a way exists so I am investigating.  

@mkline71
for most users with short last names that is exactly what we usually do.  Basically they want to make sure that the accounts are created in a uniform manner so on and so forth...

@KCTS
That's what I thought but someone in the meeting I was in said it is possible so now I am tasked with finding out how.  


0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36720758
Basically they want to make sure that the accounts are created in a uniform manner so on and so forth...
Yeah I figured, that is exactly why I posed those questions.

It is very possible that you will hire someone in the future who has a first+last name that is <6 characters, what will be the standard then?

I think the only viable solution to this is to hook the applications user authentication processes into AD, and stick with first initial + last as you have been.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36720761
Speaking from experience, managing separate user databases like your bosses are requesting will bite you in the butt eventually.  I guess it kinda already has...
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36761954
The other non native way that I know some people enforce rules is through user provisioning tools.  Quest makes one for example, there are others and some people write their own web pages.  Then when the help desk creates an account they use this other interface (not ADUC) and it enforces rules/policies.


Haven't done that where I am.

Thanks

Mike
0
 

Author Closing Comment

by:cymrich
ID: 37477931
my own first and last names only have 4 letters each so we already made an exception to the rule for me... the powers that be never brought this up again so basically nothing ever happened and we still just add letters if their last name is too short
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question