sAMAccountNames in Active Directory
Use KeePass with Pleasant Password Server
Internally, Active Directory (AD) uses several naming schemes for a given object. In the case of a User, two fields are of particular relevance: sAMAccountName (SAM-Account) and userPrincipalName (UPN).
sAMAccountNames
- Logon names maintained for backwards compatability with pre-NT4 clients
- Format: domainname\username
- Limited to 20 characters
UPNs
- Logon names formatted as email addresses; Note: the UPN's domain doesn't always match the user's location domain
- Format: username@domainname.com
- No character limit
Current Limitations
Authentication / Auto-Import - Allows up to 20 characters (sAMAccountName)
The component that Pleasant Password Server (PPASS) uses for Auto-Import searches via sAMAccountName, not UPN. This means that PPASS will be unable to find users using long usernames, regardless of whether they exist.
Work-Around: Some customers have found a work-around by using the Directory alias ('@alias') as a suffix, for example, username@alias
Manual Importing - Allows 20 or more characters (sAMAccountName/UPN)
- Import Users or Import Groups pages will bind and allow manual importing of usernames of 20 or more characters long
How do I find sAMAccountNames?
With Active Directory Users and Computers open:
- Click View > Advanced Features
- Open the properties of an object > Attribute Editor tab > Scroll down to sAMAccountName
(animated GIF)