How to add a user in Active Directory with name longer than 20 characters?
Solution 1
As you've already found and stated in your question, the attribute is limited to 20 characters (MSDN article). This is for backwards compatibility. Active Directory itself is imposing this restriction therefore you can't override it programmatically.
Solution 2
20 characters is the limit for the "Pre-Windows 2000" name, also known as the samAccountName.
Refer to this previous answer for more information: https://serverfault.com/a/335565/20701
Related videos on Youtube
shrikant
Updated on September 18, 2022Comments
-
shrikant almost 2 years
I am using Windows 2008 R2 Server and trying to add a user in Active Directory.
I am able to save user ID of length less than 20 characters. But when I try to increase this value to 30 characters I get this error:
“System.DirectoryServices.DirectoryServicesCOMException (0x8007001F): A device attached to the system is not functioning. (Exception from HRESULT: 0x8007001F)”
This error when I searched on net give me various links saying that:
Please verify if the issue is caused by the length of sAMAccountName
The document of SAM-Account-Name also indicates that the length of it should be less than 20 characters.
I am using the code below to add user in Active Directory
public static void AddUser(ADUser adUser) { if (_logger.IsDebugEnabled) _logger.Debug("ADHelper.cs: Enter AddUser"); // Local variables DirectoryEntry oDE = null; DirectoryEntry oDENewUser = null; DirectoryEntries oDEs = null; try { oDE = GetDirectoryEntry(GetADPath(adUser.UserType)); // 1. Create user account oDEs = oDE.Children; oDENewUser = oDEs.Add("CN=" + adUser.UserName, "user"); // 2. Set properties SetProperty(oDENewUser, Constants.ADAttributes.givenName, adUser.FirstName); SetProperty(oDENewUser, Constants.ADAttributes.initials, adUser.MiddleInitial); SetProperty(oDENewUser, Constants.ADAttributes.sn, adUser.LastName); SetProperty(oDENewUser, Constants.ADAttributes.mail, adUser.Email); SetProperty(oDENewUser, Constants.ADAttributes.sAMAccountName, adUser.UserName); SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion, adUser.PasswordChallengeQuestion); SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer, adUser.PasswordChallengeAnswer); SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion2, adUser.PasswordChallengeQuestion2); SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer2, adUser.PasswordChallengeAnswer2); // Sharepoint changes if (adUser.CompanyGroupSupplier != string.Empty) { SetProperty(oDENewUser, Constants.ADAttributes.CompanyGroupSupplier, adUser.CompanyGroupSupplier); } if (adUser.PersonalGroupAddress != string.Empty) { SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupAddress, adUser.PersonalGroupAddress); } if (adUser.PersonalGroupPhone != string.Empty) { SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupPhone, adUser.PersonalGroupPhone); } // Sharepoint changes oDENewUser.CommitChanges(); // 3. Set password SetPassword(oDENewUser.Path, adUser.Password); // 4. Enable account EnableAccount(oDENewUser); oDENewUser.Close(); oDE.Close(); if (_logger.IsDebugEnabled) _logger.Debug("ADHelper.cs: Exit AddUser"); } catch (ApplicationException appex) { if (_logger.IsErrorEnabled) _logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", appex); throw appex; } catch (Exception ex) { if (_logger.IsErrorEnabled) _logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", ex); throw ex; } finally { if (oDENewUser != null) { oDENewUser.Dispose(); oDENewUser = null; } if (oDEs != null) { oDEs = null; } if (oDE != null) { oDE.Dispose(); oDE = null; } } }
How can I increase sAMAccountName length in Active Directory to around 30 characters in length?
-
MrGigu over 12 yearsIf this is a real user account, I don't think anyone really wants to be typing in a 20-character username. Mine is 11 and that's annoying enough.