[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

server 2003 minimum username length?

Posted on 2011-09-28
8
Medium Priority
?
1,468 Views
Last Modified: 2012-06-27
we usually do first initial and last name for usernames but we have an application that requires at least 6 characters for usernames and some people with short last names end up with active directory accounts that are too short.  so either we add a character or they have mismatching accounts and get confused.  

Is there a way to change it so AD will not accept a username shorter than 6 characters?
0
Comment
Question by:cymrich
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36720435
This isn't an exact answer to your question, but I'd like to ask a couple things from a logistics/scalability point of view.

For users who have let's say 3 letters in their username, how do you plan on filling in the other 3 characters?

How is the application doing authentication?  Does it have it's own user database or does it pull from AD?

If someone answers your specific question, cool, but whether or not your approach is scalable is another issue.  Just because you are able to do something doesn't mean you should ;)

0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36720529
You would have to manipulate the samaccount attribute in the schema and would need a lot of testing.  Not something I've ever tried to do so I won't blow smoke on if it is possible.

I'd just use full first name/last name for those users.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36720643
There is nothing built in to windows to do this
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 

Author Comment

by:cymrich
ID: 36720729
@Papertrip
Most of our users already have names that are 6 characters or longer... I am one of the few exceptions myself, but as an admin it's not confusing to me.  I would have to change my username before the limit change is made.  the application is using a sql database and the powers that be do not want any kind of passthrough authentication.  The request is being made so that when people other than me make accounts they don't accidentally make the AD account too short.  I told them that I was unaware of any way for the username minimum to be altered like that, but a remote admin guy said he had seen it done and that a way exists so I am investigating.  

@mkline71
for most users with short last names that is exactly what we usually do.  Basically they want to make sure that the accounts are created in a uniform manner so on and so forth...

@KCTS
That's what I thought but someone in the meeting I was in said it is possible so now I am tasked with finding out how.  


0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36720758
Basically they want to make sure that the accounts are created in a uniform manner so on and so forth...
Yeah I figured, that is exactly why I posed those questions.

It is very possible that you will hire someone in the future who has a first+last name that is <6 characters, what will be the standard then?

I think the only viable solution to this is to hook the applications user authentication processes into AD, and stick with first initial + last as you have been.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 2000 total points
ID: 36720761
Speaking from experience, managing separate user databases like your bosses are requesting will bite you in the butt eventually.  I guess it kinda already has...
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36761954
The other non native way that I know some people enforce rules is through user provisioning tools.  Quest makes one for example, there are others and some people write their own web pages.  Then when the help desk creates an account they use this other interface (not ADUC) and it enforces rules/policies.


Haven't done that where I am.

Thanks

Mike
0
 

Author Closing Comment

by:cymrich
ID: 37477931
my own first and last names only have 4 letters each so we already made an exception to the rule for me... the powers that be never brought this up again so basically nothing ever happened and we still just add letters if their last name is too short
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question