Solved

Login problems with  AD useraccounts when the username contains special characters

Posted on 2014-11-27
3
673 Views
Last Modified: 2014-11-28
Hi,

We encounter login problems with  AD user-accounts when the username contains special characters like é or ü ......users cannot login! Hope someone has a solution because the 1500 user-account are imported!

Thanks!

Kind regards,
Dave
0
Comment
Question by:graphitbv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40468689
Please see the Microsoft link below:
http://support.microsoft.com/kb/938447

The diacritic mark is not supported for user names (AD should have just change the diacritic to the normal letter), however you may try to have the user sign in without it:
e.g
stéinr  could probably login as steinr
0
 

Expert Comment

by:Pinpindesbois
ID: 40468869
Maybe i have a solution.

Go to powershell with AD module write this command:
Get-ADUser -filter * -Searchbase 'OU=your1500users,DC=contoso,DC=com' | ? {$_.sAMAccountname -cmatch'[é ü ]'}  | Select sAMaccountname | Export-csv -path C:\username.csv -NTI

Open in new window


Then go to your csv, copy the column A ( ctrl+c ,on excel). Replace every é by e, ü by u (CTRL+F -> replace -> search é and replace with E...) on the column A . Rename A1 by samaccountname1.
Then paste the original A column on B. Save your CSV.

Then execute this powershell script:

Import-Csv C:\username.csv | foreach {
$samoriginal = $($_.samaccountname)
$samnew = $($_.samaccountname1)
$samnew1 = $samnew + "1"
Set-ADUser -identity $samoriginal -samaccountname $samnew1 -UserPrincipalName "$($samnew1)@contoso.com"
Set-ADUser -identity $samoriginal -samaccountname $samnew -UserPrincipalName "$($samnew)@contoso.com"
}

Open in new window


This code will change the sam account name and UPN.
I don't know if it works. If an expert understood what i mean, can you correct me?
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40468882
The rename of the Sam account may be a possible direction however it seems the user imports have already happened ?

If so then as per Microsoft:
The German umlaut characters are interpreted to be the same as their base characters. For example, the "ü" character is interpreted to be the same as the "u" character. When this problem occurs, a user who is named "Muller" cannot be created if a user who is named "Müller" already exists. Similarly, a user who is named "Meissner" cannot be created if a user who is named "Meißner" already exists.

As such I would have users test with both the English and German versions of the name to be sure the AD did not simply replace the diacritic mark with the English version e.g: ü  with u

I would probably run a quick check against the list of users I have:

e.g:

gc userlist.txt | % {get-aduser $_}

This would help to see if the users were actually inserted to match your input file, we could add more filters, but I would at least verify the presence in the AD before making any changes.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question