UPN vs. SAM account names

Posted on 2011-10-06
Medium Priority
Last Modified: 2012-06-22
Hello, I'm wondering if there is a downside to using the UPN vs. the SAM account names in AD. SAM (or pre-2000) login has a 20 character limit, which becomes problematic in my environment. Is the SAM account name ever going to go away? As the name suggests, pre-2000 rarely exists these days.

Also, I was wondering if there was a %_% shortcut for the UPN. When you use %username% it pulls the SAM; I'd like to use that notation to pull in the UPN.

Question by:jhaff

Expert Comment

by:Mike Kline
ID: 36924523
No downside if you need to exceed the limit. I doubt samaccountname will ever go away. I think when Windows 2000 initially came out there was a hope that the UPN would take off as the default login name but really it hasn't. Not sure why that never happened.

I haven't tested %userprincipalname%... not sure on that one.



Accepted Solution

-tjs earned 2000 total points
ID: 36924636
The %_% shortcuts are really pulling from environment variables. Unfortunately there is no built-in environment variable for UPN, but you could have a login script populate one for you when the user logs in:
Command Line Example:
for /f "delims=" %x in ('dsquery * -filter "(samaccountname=%username%)" -attr userprincipalname -l') do set UPN=%x
Batch File Example:
for /f "delims=" %%x in ('dsquery * -filter "(samaccountname=%%username%%)" -attr userprincipalname -l') do @set UPN=%%x

There are no published plans for samaccountname to be changed or go away, and userprincipalname does not have to resemble samaccountname. Many apps though still require a user to specify login as DOMAIN\username, which is their samaccountname, so keep that in mind.
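
A logon-script variant of the approach in the answer above, added here as an example and not part of the original thread. It assumes whoami.exe and setx.exe are present (both ship with Windows Vista / Server 2008 and later) and uses whoami /upn instead of dsquery, so the AD command-line tools do not have to be installed on the workstation.

```batch
@echo off
rem Added example, not code from the thread.
rem Assumption: whoami.exe and setx.exe are on the PATH.
setlocal EnableExtensions
set "UPN="

rem whoami /upn returns the UPN of the logged-on user directly, so no LDAP
rem filter has to be built from %USERNAME%. For a local (non-domain) account
rem it prints an error to stderr and no value, which leaves UPN undefined.
for /f "delims=" %%u in ('whoami /upn 2^>nul') do set "UPN=%%u"

if not defined UPN (
    echo No UPN available for %USERDOMAIN%\%USERNAME%, leaving UPN unset.
    endlocal
    exit /b 1
)

rem "set" only changes the environment of this cmd.exe process. setx writes
rem the value to HKCU\Environment so programs started later can read %UPN%.
rem That key is writable by the user, so treat %UPN% as a convenience value
rem and not as proof of identity.
setx UPN "%UPN%" >nul

rem Carry the value past endlocal for the rest of the calling script.
endlocal & set "UPN=%UPN%"
exit /b 0
```

Processes that were already running when setx ran keep their old environment; the new variable appears in programs started afterwards.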

Author Comment

ID: 36924649
No go on the %userprincipalname%... Anyone know where I can find a list of the %_% variables?

Assisted Solution

-tjs earned 2000 total points
ID: 36924743
Type "set" at the command prompt. There are a few hidden ones that can be seen with "set /?".
