Solved

server 2003 minimum username length?

Posted on 2011-09-28
8
1,294 Views
Last Modified: 2012-06-27
we usually do first initial and last name for usernames but we have an application that requires at least 6 characters for usernames and some people with short last names end up with active directory accounts that are too short.  so either we add a character or they have mismatching accounts and get confused.  

Is there a way to change it so AD will not accept a username shorter than 6 characters?
0
Comment
Question by:cymrich
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36720435
This isn't an exact answer to your question, but I'd like to ask a couple things from a logistics/scalability point of view.

For users who have let's say 3 letters in their username, how do you plan on filling in the other 3 characters?

How is the application doing authentication?  Does it have it's own user database or does it pull from AD?

If someone answers your specific question, cool, but whether or not your approach is scalable is another issue.  Just because you are able to do something doesn't mean you should ;)

0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36720529
You would have to manipulate the samaccount attribute in the schema and would need a lot of testing.  Not something I've ever tried to do so I won't blow smoke on if it is possible.

I'd just use full first name/last name for those users.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36720643
There is nothing built in to windows to do this
0
 

Author Comment

by:cymrich
ID: 36720729
@Papertrip
Most of our users already have names that are 6 characters or longer... I am one of the few exceptions myself, but as an admin it's not confusing to me.  I would have to change my username before the limit change is made.  the application is using a sql database and the powers that be do not want any kind of passthrough authentication.  The request is being made so that when people other than me make accounts they don't accidentally make the AD account too short.  I told them that I was unaware of any way for the username minimum to be altered like that, but a remote admin guy said he had seen it done and that a way exists so I am investigating.  

@mkline71
for most users with short last names that is exactly what we usually do.  Basically they want to make sure that the accounts are created in a uniform manner so on and so forth...

@KCTS
That's what I thought but someone in the meeting I was in said it is possible so now I am tasked with finding out how.  


0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 21

Expert Comment

by:Papertrip
ID: 36720758
Basically they want to make sure that the accounts are created in a uniform manner so on and so forth...
Yeah I figured, that is exactly why I posed those questions.

It is very possible that you will hire someone in the future who has a first+last name that is <6 characters, what will be the standard then?

I think the only viable solution to this is to hook the applications user authentication processes into AD, and stick with first initial + last as you have been.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36720761
Speaking from experience, managing separate user databases like your bosses are requesting will bite you in the butt eventually.  I guess it kinda already has...
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36761954
The other non native way that I know some people enforce rules is through user provisioning tools.  Quest makes one for example, there are others and some people write their own web pages.  Then when the help desk creates an account they use this other interface (not ADUC) and it enforces rules/policies.


Haven't done that where I am.

Thanks

Mike
0
 

Author Closing Comment

by:cymrich
ID: 37477931
my own first and last names only have 4 letters each so we already made an exception to the rule for me... the powers that be never brought this up again so basically nothing ever happened and we still just add letters if their last name is too short
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now