UPN vs. SAM account names

Posted on 2011-10-06
Last Modified: 2012-06-22
hello, i'm wondering if there is a downside to using the UPN vs. the SAM account names in AD.  SAM (or pre-2000) login has a 20 character limit, which becomes problematic in my environment.  is the SAM account name ever going to go away? as the name suggests, pre-2000 rarely exists these days.

also, i was wondering if there was a %_% shortcut for the UPN - when you use %username% it pulls the SAM, i'd like to use that notation to pull in the UPN.  

Question by:jhaff

    Expert Comment

    by:Mike Kline
    No downside if you need to exceed the limit.  I doubt samaccountname will ever go away.  I think when Windows 2000 initially came out there was a hope that the UPN would take off as the default login name but really it hasn't.  Not sure why that never happened.

    I haven't tested %userprincipalname%...not sure on that one.



    Accepted Solution

    The %_% shortcuts are really pulling from environment variables.  Unfortunately there is no built-in environment variable for UPN, but you could have a login script populate one for you when the user logs in:
    Command Line Example:
    for /f "delims=" %x in ('dsquery * -filter "(samaccountname=%username%)" -attr userprincipalname -l') do set UPN=%x
    Batch File Example:
    for /f "delims=" %%x in ('dsquery * -filter "(samaccountname=%%username%%)" -attr userprincipalname -l') do @set UPN=%%x

    There are no published plans for samaccountname to be changed or go away, and userprincipalname does not have to resemble samaccountname.  Many apps though still require a user to specify login as DOMAIN\username, which is their samaccountname, so keep that in mind.
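
An added example, not part of the thread or any poster's code: a logon script that fills %UPN% with `whoami /upn` instead of a directory query, handles the local-account case where no UPN exists, and persists the value with `setx` so that processes started after the script ends can see it (a plain `set` only lives in the script's own cmd.exe). It assumes a Windows version where `whoami.exe` and `setx.exe` are built in; the variable name UPN follows the answer above.

```batch
@echo off
rem Added example: populate %UPN% at logon without querying AD by samaccountname.
rem Assumption: whoami.exe and setx.exe are present (built in on current Windows).
setlocal
set "FOUND="

rem whoami /upn prints user@suffix for a domain logon. For a local account it
rem writes an error to stderr and prints nothing, so FOUND stays undefined.
for /f "delims=" %%u in ('whoami /upn 2^>nul') do set "FOUND=%%u"

if not defined FOUND goto :noupn

rem Hand the value back to the calling cmd session...
endlocal & set "UPN=%FOUND%"

rem ...and store it under HKCU\Environment so that programs started after
rem this script has exited also get %UPN%.
setx UPN "%UPN%" >nul
exit /b 0

:noupn
echo No UPN for this logon (local account, or whoami /upn not supported). 1>&2
endlocal
exit /b 1
```

A user can overwrite their own environment variables, so treat %UPN% as a convenience for drive mappings and similar, not as proof of identity in anything that makes an access decision.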

    Author Comment

    no go on the %userprincipalname%... anyone know where i can find a list of the %_% variables?

    Assisted Solution

    Type "set" at the command prompt. There are a few hidden ones that can be seen with "set /?".
